crypto-gold-monitor

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches real-time market data from recognized services including CoinGecko, Yahoo Finance, and ExchangeRate-API. These references are used for legitimate financial monitoring and do not contribute to risk escalation.
  • [COMMAND_EXECUTION]: Utilizes curl and python3 to retrieve and parse JSON data. These operations are restricted to the skill's primary function of price tracking and follow standard usage patterns.
  • [COMMAND_EXECUTION]: Includes standard documentation for granting execution permissions (chmod +x) to the local bash script, which is expected behavior for distributed shell scripts.
  • [PROMPT_INJECTION]: The skill processes external data from financial APIs, which constitutes a potential surface for indirect prompt injection.
      1. Ingestion points: Market data is ingested from remote APIs via curl in crypto-monitor.sh.
      2. Boundary markers: No boundary markers or instructions to ignore embedded commands are present when processing API responses.
      3. Capability inventory: The script can execute curl, python3, and write temporary files to /tmp/crypto-monitor/.
      4. Sanitization: Employs python3 JSON parsing to extract specific keys, which restricts the processed data to structured numerical and string values.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 04:20 PM