Skills
skills/cmeiliu/binance-us-skills/binance-us-asset-research/Gen Agent Trust Hub

binance-us-asset-research

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/binance_us_brief.py using the python3 command. It passes user-provided input (asset names) directly into command-line arguments --asset and --watchlist.
  • [PROMPT_INJECTION]: The skill contains deceptive metadata regarding its authorship. The YAML frontmatter identifies the author as 'Binance.US', which contradicts the actual author 'cmeiliu'. This discrepancy is a form of metadata poisoning that could lead users to misplace trust in the skill's provenance and security.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Untrusted asset names provided by users enter the context via SKILL.md. 2. Boundary markers: No delimiters or safety instructions are provided to the agent to treat this input as data rather than instructions. 3. Capability inventory: The skill performs shell command execution. 4. Sanitization: No sanitization logic is described in the skill's instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 8, 2026, 08:34 PM