tracking-crypto-prices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (SAFE): The skill manages API credentials through environment variables and local configuration files (.env), which is a standard and expected practice for a data-fetching utility. No hardcoded secrets were found.
- [External Downloads] (SAFE): The skill specifies common and trusted Python libraries (requests, pandas, yfinance) as prerequisites, which are installed through standard package managers.
- [Indirect Prompt Injection] (LOW): The skill processes data from external APIs (CoinGecko and yfinance), creating a potential surface for indirect injection. However, this is mitigated by the use of structured output formats like JSON and CSV. Ingestion points: Remote API endpoints for price data. Boundary markers: Structured JSON/CSV output. Capability inventory: File read/write (for caching and data export) and Python script execution. Sanitization: Standard data formatting is applied, though no specific LLM-level content sanitization is described.
Audit Metadata