aibtc-news-protocol
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs command-line strings for the aibtc-news tool. It implements single-quote escaping using the pattern .replace(/'/g, "'\''") to mitigate command injection risks when these strings are executed in a shell environment.
- [EXTERNAL_DOWNLOADS]: The check-sources subcommand uses the fetch API to perform reachability checks (HEAD requests) on external URLs. This is a functional feature for validating signal sources and includes a 5-second timeout via AbortController to prevent hanging.
- [DATA_EXFILTRATION]: No patterns of sensitive data access or exfiltration were found. Network operations are restricted to verifying the status of source URLs provided by the user or agent.
- [PROMPT_INJECTION]: The skill instructions and editorial guide promote factual, developer-focused reporting. No patterns suggesting attempts to manipulate or bypass AI safety constraints were detected.
- [DATA_EXPOSURE]: The skill processes provided observations but does not access local sensitive files, environment variables, or hardcoded credentials.
Audit Metadata