skills/jeremylongshore/claude-code-plugins-plus-skills/analyzing-market-sentiment/Gen Agent Trust Hub
analyzing-market-sentiment
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script
scripts/news_sentiment.pydynamically modifies the Python system path (sys.path) to load an optionalNewsAggregatormodule from a sibling directory path computed at runtime. While this supports modularity, loading code from dynamically generated paths is a identified risk pattern. - [EXTERNAL_DOWNLOADS]: The skill connects to multiple external services to retrieve market indicators and news. It fetches data from the Alternative.me Fear & Greed API and the CoinGecko market API. Additionally, it retrieves news articles from RSS feeds provided by CoinTelegraph, CoinDesk, and Decrypt.
- [PROMPT_INJECTION]: The skill processes untrusted text from external RSS feeds, presenting an indirect prompt injection surface.
- Ingestion points: External news article titles and summaries are fetched in
scripts/news_sentiment.py. - Boundary markers: No specific boundary markers or isolation instructions are used when processing the news content for analysis.
- Capability inventory: The skill is primarily analytical and does not include dangerous capabilities such as arbitrary command execution or file-system writing based on the ingested data.
- Sanitization: The skill performs basic sanitization by stripping HTML tags from news content using regular expressions.
Audit Metadata