Skills
skills/holon-run/uxc/coinmarketcap-mcp-skill/Gen Agent Trust Hub

coinmarketcap-mcp-skill

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to use the uxc tool to create a localized CLI alias (coinmarketcap-mcp-cli), which facilitates structured interaction with the CoinMarketCap MCP server.
  • [EXTERNAL_DOWNLOADS]: All network operations are directed to the official and verified CoinMarketCap MCP endpoint at https://mcp.coinmarketcap.com/mcp for data retrieval.
  • [SAFE]: Authentication is correctly implemented using the X-CMC-MCP-API-KEY header. The documentation explicitly advises against hardcoding secrets, suggesting the use of environment variables or 1Password CLI (op://) for secure credential management.
  • [PROMPT_INJECTION]: The skill ingests external data from the CoinMarketCap API, including news and narrative descriptions, which represents a potential surface for indirect prompt injection. However, because the integration is read-only and uses a reputable financial service, the risk is minimal.
  • Ingestion points: get_crypto_latest_news, trending_crypto_narratives, and search_crypto_info operations defined in SKILL.md.
  • Boundary markers: None identified in the provided prompt patterns.
  • Capability inventory: Restricted to uxc command execution and data retrieval.
  • Sanitization: No explicit sanitization or filtering of API response content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 03:57 AM