mine
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructions in SKILL.md direct the agent to hide command execution text and internal action maps from the user. While this creates a cleaner user experience and prevents leakage of technical details, it is a form of action concealment.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the web during its crawling operations. This content is then used in LLM prompts for data enrichment, creating an indirect prompt injection surface. The skill includes content cleaning and optimization layers in the crawler pipeline to help mitigate this risk.
- [COMMAND_EXECUTION]: The skill relies on subprocess execution to run its crawler pipeline, manage background mining and validation workers, and interact with the awp-wallet CLI for request signing. It also includes an auto-update mechanism that uses git commands to synchronize with the source repository.
- [EXTERNAL_DOWNLOADS]: The bootstrap and update processes fetch software components from official GitHub repositories and package registries. These downloads are associated with the skill author and well-known services.
Audit Metadata