history
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests market descriptions and questions from external exchange APIs which are then displayed to the user via search and export commands. If an external market is named with malicious instructions, they would enter the agent context.
- Ingestion points: marketQuestion and marketId are fetched from external APIs in index.ts and displayed in the search command.
- Boundary markers: No explicit delimiters are used when printing market questions to the chat interface.
- Capability inventory: The skill is capable of exporting data and displaying statistics; it does not have autonomous execution or file-writing capabilities beyond the database sync.
- Sanitization: No sanitization is performed on market strings before display.
- Data Exposure (LOW): The skill provides commands to export full trade history to the chat interface in CSV or JSON format. While this is its primary purpose, it places sensitive financial history into the agent's message history.
- Dynamic Execution (SAFE): The skill uses dynamic imports (import()) to load the history and database logic. These paths are hardcoded to local directories (../../../history) and are not influenced by user input.
Audit Metadata