lista
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill aggregates data from external sources, including the Lista API and MCP tools, which presents a surface for indirect prompt injection. Content retrieved from these sources is used to populate user reports.
  1. Ingestion points: Position, market, and yield data retrieved from api.lista.org and lista_* MCP tools.
  2. Boundary markers: The skill does not employ explicit delimiters to separate fetched data from agent instructions.
  3. Capability inventory: The skill can execute a local Node.js utility and perform shell-based file operations in the ~/.lista/ directory.
  4. Sanitization: No specific validation or escaping mechanisms for retrieved data are defined.
- [COMMAND_EXECUTION]: The skill executes an internal Node.js script (scripts/moolah.js) to process protocol data. It also utilizes shell commands like cat, mkdir, and echo to manage user-specific configuration files stored locally in the ~/.lista/ folder.
Audit Metadata