predictfun
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECREDENTIALS_UNSAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- CREDENTIALS_UNSAFE (LOW): The skill documentation describes the use of a blockchain private key (PREDICTFUN_PRIVATE_KEY) to sign transactions. While no keys are hardcoded, handling raw private keys is a high-risk activity for AI agents.
- PROMPT_INJECTION (LOW): The skill retrieves market data and orderbook information from the Predict.fun API, creating a surface for indirect prompt injection.
- Ingestion points: Market search results and detailed market data from the external API.
- Boundary markers: Not present in the manifest documentation.
- Capability inventory: Transaction execution (buy/sell/cancel) on the BNB Chain.
- Sanitization: Not applicable for this manifest-only file.
Audit Metadata