crypto
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The script
scripts/crypto.pyperforms network requests toapi.coingecko.com. While this is the intended purpose of the skill, the domain is not included in the predefined trusted whitelist. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes data from an external API.
- Ingestion points: Market data is fetched from the CoinGecko API in
scripts/crypto.pyand returned to the agent. - Boundary markers: Absent.
SKILL.mddoes not specify delimiters or instructions for the agent to ignore instructions embedded in the API response. - Capability inventory: The skill executes a Python script via subprocess (
python3 scripts/crypto.py <symbol>) but does not perform file-write or network-send operations based on the ingested data. - Sanitization: The script uses
json.loadsto ensure the response is valid JSON, though it does not sanitize the content of the strings returned by the API. - [COMMAND_EXECUTION] (SAFE): The skill executes a local script using arguments derived from user input. The script handles these arguments within Python and does not utilize a shell (
shell=True) or dangerous execution functions likeeval().
Audit Metadata