coinstats-fiats
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
coinstats-cliNode.js package. This is a vendor-owned resource from the author, coinstatshq, and is considered safe.\n- [CREDENTIALS_UNSAFE]: The skill requires theCOINSTATS_API_KEYenvironment variable for authentication. It provides setup instructions using a placeholder, which is a standard and safe practice.\n- [PROMPT_INJECTION]: The skill retrieves data from the CoinStats public API, creating a surface for indirect prompt injection.\n - Ingestion points:
SKILL.md(data fromcoinstats fiats listcommand).\n - Boundary markers: Absent.\n
- Capability inventory:
Bash(coinstats:*)inSKILL.md.\n - Sanitization: Absent.
Audit Metadata