analyzing-options-flow
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill requires access to sensitive files containing API keys and credentials for market data providers.\n
- Evidence: Both
SKILL.mdandreferences/implementation.mddirect the agent to 'Use Read tool to load API credentials from {baseDir}/config/crypto-apis.env' to authenticate and test connectivity.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external blockchain and market APIs.\n - Ingestion points: Market data from CoinGecko, Etherscan, and blockchain transactions queried via the
Bash(crypto:options-*)tool as described inSKILL.mdandreferences/implementation.md.\n - Boundary markers: There are no specific instructions or delimiters provided to ensure the agent ignores embedded commands or instructions within the external data it retrieves.\n
- Capability inventory: The skill utilizes
Bash(crypto:options-*),Write, andEdittools, which could be used maliciously if the agent is influenced by injected instructions.\n - Sanitization: No sanitization or validation protocols are defined for the fetched external content before the agent generates reports or executes further commands.
Audit Metadata