luzia
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is designed to ingest and process real-time data from an external API (api.luzia.dev), which is a surface for indirect prompt injection.
  - Ingestion points: Cryptocurrency ticker prices, market lists, and trading pairs from the Luzia API.
  - Boundary markers: The core instruction file (SKILL.md) was not provided; therefore, the use of delimiters or 'ignore' instructions cannot be verified.
  - Capability inventory: According to documentation, the skill fetches and lists external data. No high-risk capabilities like shell access or arbitrary file writing were identified in the provided scripts.
  - Sanitization: Not present in the installation scripts; data handling logic is likely contained in the missing logic file or the external SDK.
- [COMMAND_EXECUTION] (LOW): The package includes a postinstall script (install-skill.js) that automatically executes upon installation to create directories and copy files into the .claude/skills/ folder in the user's home directory.
- [DATA_EXFILTRATION] (LOW): The skill documentation indicates that it communicates with a non-whitelisted domain (api.luzia.dev) to retrieve cryptocurrency data.
Audit Metadata