mmt-trading-systems
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Category 2: Data Exposure & Exfiltration] (LOW): The skill performs network operations to fetch market data and maintain WebSocket connections to 'mmt.gg'. While necessary for the skill's purpose, this domain is not included in the trusted whitelist.
- [Category 8: Indirect Prompt Injection] (INFO): The skill possesses an ingestion surface for external data that could theoretically be used for injection, though the risk is negligible due to the numeric nature of the data.
- Ingestion points: Market data is ingested via WebSocket streams and REST API responses in 'rules/bot-architecture-event-driven.md' and 'rules/backtest-historical-data-fetching.md'.
- Boundary markers: None present in the code templates.
- Capability inventory: The skill includes patterns for local file system modification ('rules/bot-state-management.md') and logic for executing trades via external exchange APIs.
- Sanitization: Ingested data is parsed as JSON and processed as numeric types (prices, quantities), which provides inherent protection against natural language prompt injection vectors.
Audit Metadata