skills/jeremylongshore/claude-code-plugins-plus-skills/analyzing-market-sentiment/Gen Agent Trust Hub
analyzing-market-sentiment
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has a susceptibility to indirect prompt injection because it retrieves and processes article titles and summaries from external sources.
  - Ingestion points: Untrusted article content is fetched from CoinTelegraph, CoinDesk, and Decrypt RSS feeds in scripts/news_sentiment.py.
  - Boundary markers: The skill does not implement boundary markers or instructions to isolate processed text from agent instructions.
  - Capability inventory: The skill allows the use of Read and Bash(crypto:sentiment-*) tools, which could be targeted by instructions embedded in external news data.
  - Sanitization: Although basic HTML stripping is performed in _parse_rss_xml, there is no validation to detect or neutralize natural language injection attacks.
- [REMOTE_CODE_EXECUTION]: The skill utilizes dynamic module loading, a pattern that warrants caution.
  - In scripts/news_sentiment.py, the skill dynamically modifies the Python execution path to import the NewsAggregator class from a sibling skill directory (crypto-news-aggregator), which constitutes dynamic loading from a computed path.
- [EXTERNAL_DOWNLOADS]: The skill connects to several well-known financial and technology services to perform its analysis.
  - It retrieves the Fear & Greed Index from api.alternative.me.
  - It fetches market momentum data, including price and volume, from the CoinGecko API (api.coingecko.com).
  - It aggregates news articles from official RSS feeds provided by established crypto media outlets.
Audit Metadata