whale-tracking
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The TypeScript API reference imports functionality from `clodds/feeds/...`. This package is not from a recognized trusted source (e.g., official providers) and no source URL or package registry is provided in the skill configuration, making it an unverified dependency.
- [PROMPT_INJECTION] (LOW): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from Polymarket WebSockets and multiple blockchain providers (Solana, ETH, etc.). Attacker-controlled data such as transaction memos, token names, or market descriptions could contain malicious instructions intended to influence the agent's behavior during summarization or analysis.
  - Ingestion points: Real-time trade monitoring via `tracker.on('trade')` and crypto transaction monitoring via `cryptoTracker.on('transaction')`.
  - Boundary markers: None identified in the provided documentation to separate external data from agent instructions.
  - Capability inventory: Local file writing (`exportTrades`), console output, and network access to multiple API providers.
  - Sanitization: No evidence of sanitization or filtering of external transaction metadata is shown in the examples.
- [DATA_EXFILTRATION] (LOW): The skill requires access to sensitive environment variables (`POLY_API_KEY`, `BIRDEYE_API_KEY`, `ALCHEMY_API_KEY`). While these are intended for legitimate API access, they represent a sensitive data exposure surface if the agent is compromised.
- [DATA_EXFILTRATION] (LOW): The API includes methods to write data to the local filesystem (`exportTrades` to `whale-trades.csv`). While the example shows a static path, this capability allows the agent to write persistent data to the host environment.
Audit Metadata