aibtc-news-deal-flow

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The compose-signal subcommand generates a shell command string (fileCommand) intended for manual execution by the user. The skill uses single-quote escaping (.replace(/'/g, "'\\''")) to prevent basic shell injection from user-provided headlines or content.
  • [EXTERNAL_DOWNLOADS]: The check-sources subcommand performs network requests using the fetch API with the HEAD method. It targets URLs provided in the user's input to verify reachability. This functionality acts as a Server-Side Request Forgery (SSRF) surface, allowing the tool to be used to probe the status of arbitrary external or internal network endpoints.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via untrusted data processing.
      • Ingestion points: The skill ingests raw observations through the --observation argument and source metadata through the --sources JSON argument in aibtc-news-deal-flow.ts.
      • Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying instructions embedded within the news observations.
      • Capability inventory: The skill has the ability to perform network requests (fetch) and generate executable CLI commands for the aibtc-news skill.
      • Sanitization: The skill implements basic validation, including length constraints, regex-based "hype word" filtering, and shell-safe character escaping, which provides limited protection against adversarial input.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 07:02 AM