Skills
skills/hubblevision/hubble-data-service-skill/crypto-market/Gen Agent Trust Hub

crypto-market

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network requests using curl to an external server at http://43.167.234.49:3101. This IP address is not a recognized well-known service or whitelisted domain.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted external news data via the /api/v2/crypto/news/ endpoints.
  • Ingestion points: News data is ingested from external sources in SKILL.md (via API calls).
  • Boundary markers: Absent; there are no instructions for the agent to distinguish between its core instructions and potentially malicious instructions embedded within the news content.
  • Capability inventory: The skill has network access capabilities via curl.
  • Sanitization: No evidence of content sanitization or validation of the retrieved news articles before they are presented to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 02:51 PM