analyze-gas-fertilizer-contract-shock
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The workflow executes shell commands and Python scripts using parameters derived from external sources. The absence of sanitization for these parameters (e.g., --symbol) poses a command injection risk.
- COMMAND_EXECUTION (HIGH): The skill recommends starting Chrome with --remote-debugging-port=9222 and --remote-allow-origins=*. This configuration allows any malicious website to control the browser session via the exposed debugging port.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to indirect prompt injection. 1. Ingestion points: TradingEconomics (CDP) and FRED. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution, browser control, and file writes. 4. Sanitization: Absent. Malicious data on scraped pages could potentially manipulate the agent's logic or the underlying scripts.
- EXTERNAL_DOWNLOADS (LOW): The skill downloads data from TradingEconomics and FRED. While these are reputable sources, the download process via CDP is high-privilege, and no integrity verification is performed on the data.
Recommendations
- AI detected serious security threats