crypto-prices-criptoya

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill performs network requests to https://criptoya.com. While this is the intended purpose for fetching market data, the domain is not included in the trusted whitelist.
  • COMMAND_EXECUTION (LOW): The workflow relies on executing curl and jq using variables like {coin} and {fiat} provided by the user. If the agent does not strictly validate these strings, this could lead to command injection, although the risk is lowered by the skill's defined list of accepted values.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it processes data from an external API without boundary markers.
      • Ingestion points: API responses from https://criptoya.com.
      • Boundary markers: Absent; the skill does not instruct the agent to use delimiters or specific safety instructions when processing the external data.
      • Capability inventory: Shell execution via curl and jq.
      • Sanitization: The skill recommends basic error handling (checking for "Invalid pair" or valid JSON) but lacks content sanitization against malicious strings in the API response.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:32 PM