research
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive local files, credentials, or environment variables. It communicates with an internal market-index service rather than performing direct external network requests.
- Unverifiable Dependencies & Remote Code Execution (SAFE): All dependencies are resolved via static relative imports to internal services. The code does not perform any remote script execution, package installation, or dynamic loading from untrusted paths.
- Indirect Prompt Injection (SAFE): While the skill ingests untrusted market data (such as market descriptions and questions), it does not have high-risk capabilities (like shell execution or file system access) that would enable exploitation. The surface is standard for search-based skills.
- Prompt Injection (SAFE): No instructions designed to bypass safety filters or override system behavior were found in the markdown or code files.
Audit Metadata