airdrop-tracker
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from an external website.
  - Ingestion points: Scrapes project names, funding, and links from `cryptorank.io` as defined in `SKILL.md`.
  - Boundary markers: Absent. The instructions do not define delimiters or specific safety instructions to prevent the agent from following commands that might be embedded in the scraped web content.
  - Capability inventory: The skill has the capability to write files to the local file system (`~/Documents/airdrops/`) and send network notifications via the `mcp__telegram-notification__send_notification` tool.
  - Sanitization: Absent. The skill instructions direct the agent to format scraped strings directly into HTML for the notification without mention of escaping or validation.
- [DATA_EXFILTRATION]: The skill transmits data collected from the user's environment (scraped content and generated reports) to an external service via the Telegram notification tool. While this is the intended functionality, it establishes a network path for data leaving the local context.
Audit Metadata