bodega-markets
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses local relative imports to a client library (
bodega-client.js) located in the agent's shared scripts directory, which is a standard and safe integration pattern. - [SAFE]: No network calls, file system modifications, or hardcoded secrets were detected within the skill's own code.
- [SAFE]: The trading flow maintains a strong security boundary by only preparing transaction data and instructing the user to sign and submit through a separate operator tool.
- [SAFE]: While the skill ingests potentially untrusted market data (such as titles or questions) from an external source, it lacks dangerous capabilities (like shell execution or arbitrary file writes) that could be exploited via indirect prompt injection, resulting in a safe configuration.
Audit Metadata