portfolio-sync

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from external prediction markets and presents it directly to the agent's context.
      • Ingestion points: Data is ingested via service.getPositionsByPlatform and service.getSummary in index.ts.
      • Boundary markers: Absent. The output is formatted as a plain markdown list without delimiters or instructions to the LLM to ignore embedded commands.
      • Capability inventory: The skill primarily performs string formatting; however, the agent's overall capability set (not fully visible here) could be leveraged if the agent obeys instructions hidden in market titles.
      • Sanitization: The marketQuestion and marketId fields are used directly in the output string without escaping or validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 08:51 PM