market-sentiment
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests to non-whitelisted external domains to fetch RSS feeds.
- Evidence:
scripts/sentiment_analyzer.pydefinesRSS_FEEDSincluding several third-party cryptocurrency news sites. - [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection by ingesting and processing untrusted data from the internet.
- Ingestion points: The skill fetches article titles and descriptions from external RSS feeds in
scripts/sentiment_analyzer.py. - Boundary markers: None; there are no delimiters or instructions to ignore embedded commands in the fetched data.
- Capability inventory: The skill performs network GET requests and aggregates text; the agent uses this output to generate explanations.
- Sanitization: No sanitization or validation of the fetched content is performed before it is presented to the agent.
Audit Metadata