aicoin
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external, untrusted sources which could contain malicious instructions designed to manipulate the agent's trading logic.
- Ingestion points:
scripts/news.mjs(news details and lists) andscripts/twitter.mjs(tweet content and search results). - Boundary markers: No specific delimiters or instructions are present to prevent the agent from following instructions embedded within the fetched content.
- Capability inventory: The agent has the ability to place orders, set leverage, and modify bot configurations via
scripts/exchange.mjsandscripts/auto-trade.mjs. - Sanitization: Content is fetched and displayed without sanitization or escaping of potential injection patterns.
- [COMMAND_EXECUTION]: Several scripts utilize
execSyncto perform infrastructure management and execution tasks. scripts/ft-deploy.mjsexecutes shell commands to install Python, clone the Freqtrade repository, run its setup script, and manage background processes.scripts/auto-trade.mjsuses subprocesses to call the internalexchange.mjsscript for executing trading operations.- [EXTERNAL_DOWNLOADS]:
scripts/ft-deploy.mjsclones the Freqtrade source code from its official GitHub repository. This is a well-known technology service, and the operation is a standard part of the documented deployment process for the trading bot. - [CREDENTIALS_UNSAFE]: The skill manages authentication for multiple services through local environment files.
- It automatically loads
.envfiles from the workspace and home directories to retrieve exchange API keys. lib/defaults.jsonincludes a hardcoded public free-tier access key and secret for the AiCoin API, which serves as a fallback for users without personal credentials.
Audit Metadata