edge
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The skill performs a dynamic import (
await import) using a relative path that traverses three levels above the skill's root directory ('../../../weather/edge'). This reaching outside of the skill's specific directory can be a security concern if the execution environment does not enforce strict isolation between skills or if the directory structure can be influenced by an attacker.\n- Indirect Prompt Injection (LOW): The skill processes and displays data from external market sources which could contain malicious instructions designed to influence the behavior of the AI agent.\n - Ingestion points: Market questions and descriptions retrieved via
calculator.scanForEdge()and handled in thescanandtopcommands withinindex.ts.\n - Boundary markers: None. Market data is concatenated directly into the markdown output returned to the agent.\n
- Capability inventory: No direct subprocess execution,
eval/execcalls, or file-write operations were detected in the provided code.\n - Sanitization: The script performs simple string slicing for the output but does not include any logic to escape or validate the content of the external market strings for embedded instructions.
Audit Metadata