meme-trader

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructions in 'SKILL.md' direct the agent to execute a local TypeScript script ('scripts/fetch-meme-data.ts') using 'npx tsx'. This involves command execution with runtime compilation. The use of 'npx' can lead to the download and execution of packages from the npm registry if they are not already cached in the environment, which poses a risk of executing unverified code.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection due to its data ingestion patterns.
    1. Ingestion points: As described in 'SKILL.md', the skill fetches data via 'WebFetch' from multiple external domains (dexscreener.com, pump.fun, etc.) and performs 'social sentiment scraping' from Twitter/X and Telegram.
    2. Boundary markers: The instructions do not define any delimiters or system-level warnings to prevent the agent from following instructions embedded in the scraped social media or web content.
    3. Capability inventory: The agent has the ability to write tasks ('TodoWrite') and execute commands ('npx') as documented in 'SKILL.md'.
    4. Sanitization: There is no evidence of sanitization or filtering logic to neutralize potential malicious prompts contained within the ingested external data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:33 PM