integrations
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION CREDENTIALS_UNSAFE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests data from external webhooks, REST APIs, and WebSockets to trigger trading bot actions.
  - Ingestion points: `addWebhook`, `addRest`, and `addWebSocket` in `SKILL.md`.
  - Boundary markers: Absent. There are no explicit delimiters to separate untrusted data from instructions.
  - Capability inventory: Trading execution (`bot.execute`) and local database access.
  - Sanitization: Relies on optional JSON schema validation for webhooks but lacks generic sanitization for other data feeds.
- CREDENTIALS_UNSAFE (LOW): The skill handles sensitive API keys. The command `/integrations set <source> key <api-key>` accepts credentials as plain text CLI arguments, which may be exposed in logs or process monitors.
Audit Metadata