alphai-market
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies as having an attack surface for indirect prompt injection.
- Ingestion points: Data enters the agent's context from external APIs (b.alph.ai) and WebSocket streams, specifically fields containing arbitrary text such as token descriptions (tokenDesc), AI narratives (aiNarrativeSentence, aiNarrativeParagraph), and social media mentions.
- Boundary markers: There are no explicit instructions or delimiters used to separate untrusted external data from the system prompt or to instruct the agent to ignore instructions within that data.
- Capability inventory: The skill allows the agent to query a wide range of market data APIs and WebSocket streams but lacks direct command execution or file system modification capabilities.
- Sanitization: The skill does not demonstrate any mechanisms to sanitize or validate the content retrieved from external sources before processing it.
Audit Metadata