Skills
AGENT LAB: SKILLS
skills/microck/ordinary-claude-skills/crypto-research/Gen Agent Trust Hub

crypto-research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): This skill is vulnerable to indirect prompt injection because it processes untrusted data from the web and utilizes high-privilege tools. In accordance with the mandatory evidence chain for Category 8:\n
  • Ingestion points: Data is ingested from the internet via WebSearch and WebFetch tools as part of the news and market analysis workflows.\n
  • Boundary markers: The provided documentation does not specify the use of delimiters or 'ignore' instructions for the research data processed by the sub-agents.\n
  • Capability inventory: The skill possesses significant capabilities including the Bash tool (for directory setup and timestamping), the Task tool (for agent orchestration), and the Write tool (for file creation).\n
  • Sanitization: No sanitization or validation logic is documented for the external content before it is interpolated into the specialized agent prompts.\n- COMMAND_EXECUTION (LOW): The skill executes local shell scripts (scripts/setup-output-dir.sh) and system commands (date) to manage output organization. While these are intended for administrative tasks, their existence increases the potential impact if the agent is influenced by malicious instructions in a ticker parameter or fetched web content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:31 PM