aftermath-perpetuals
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the vendor's official domain (aftermath.finance) to fetch real-time market data, account history, and OpenAPI specifications. These operations are essential for the skill's primary function and target trusted vendor infrastructure.
- [COMMAND_EXECUTION]: A local Python script,
scripts/check_api_changes.py, is provided to help developers monitor for updates in the API specification. The script uses standard libraries to compare SHA256 hashes of the remote specification and does not execute arbitrary code or utilize unsafe subprocess calls. - [DATA_EXFILTRATION]: No evidence was found of sensitive data, such as private keys, environment variables, or SSH credentials, being accessed or transmitted to unauthorized third-party services.
- [PROMPT_INJECTION]: The skill instructions do not contain patterns intended to bypass AI safety filters or override system instructions. All instructional content is focused on protocol integration and risk management.
Recommendations
- Contains 6 malicious URL(s) - DO NOT USE
Audit Metadata