xxyy-trade

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and displaying untrusted data from an external API.
      • Ingestion points: Token names, symbols, and social media links are fetched from the XXYY API and presented to the agent in mcp/src/tools/feed.ts and mcp/src/tools/query.ts.
      • Boundary markers: The skill does not wrap API-provided strings in delimiters or provide explicit instructions to the agent to disregard embedded commands in that data.
      • Capability inventory: The skill can execute high-impact financial transactions, including buying and selling tokens, as implemented in mcp/src/tools/swap.ts.
      • Sanitization: Data returned from the API is displayed without sanitization or escaping of potential injection patterns.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute curl commands for its primary trading and query operations, as defined in the SKILL.md execution rules.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 05:13 PM