mlb-trade-evaluator

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to process untrusted trade proposal data pasted by users from external sites like Yahoo. There are no specified boundary markers (e.g., delimiters) or instructions to disregard potential commands embedded within the trade text.
      • Ingestion points: SKILL.md (Workflow Step 1: Parse the offer).
      • Boundary markers: Absent.
      • Capability inventory: File system writes (signals and decision logs), invocation of external skills (@skills/adverse-selection-prior/), and web data retrieval.
      • Sanitization: Absent.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves player projections, injury reports, and dollar valuations from established domain-specific services including FanGraphs, RotoWire, and Razzball. These fetches are used solely for the stated purpose of statistical trade evaluation.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 01:25 PM