skills/aibtcdev/skills/stacks-market/Gen Agent Trust Hub

stacks-market

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches market data, trade history, and pricing information from the external REST API at https://api.stacksmarket.app.
  • [COMMAND_EXECUTION]: Executes on-chain transactions via the callContract utility, targeting the market-factory-v18-bias contract on Stacks mainnet for trading and redemption. Transactions are explicitly configured with PostConditionMode.Allow as required by the contract logic.
  • [PROMPT_INJECTION]: Ingests market titles, descriptions, and categories from an external API, creating a surface for potential indirect prompt injection if market metadata contains malicious instructions.
      • Ingestion points: Data entering the agent context via fetchMarketApi from api.stacksmarket.app (seen in stacks-market.ts).
      • Boundary markers: Absent; the skill does not currently use specific delimiters to wrap external market text.
      • Capability inventory: The skill can perform on-chain contract writes (callContract) and additional network requests (fetch).
      • Sanitization: Market IDs are converted to BigInt or uintCV for on-chain calls, but market titles and descriptions are processed as strings for the agent context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 05:00 AM