positions
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external market data, such as platform names and outcome descriptions, which are then displayed to the agent. This creates a surface where malicious instructions embedded in market data could influence the agent's behavior.
  - Ingestion points: Command arguments in `index.ts` and position data retrieved via `manager.getPositions()`.
  - Boundary markers: No boundary markers or delimiters are present in the output strings to the agent.
  - Capability inventory: The skill can execute trades, specifically closing positions via `manager.closePosition`.
  - Sanitization: The skill uses `parseFloat` to validate numeric inputs like prices and percentages, but it does not sanitize or escape string-based market data before displaying it.
Audit Metadata