Skills
skills/moonpay/skills/messari-deep-research/Gen Agent Trust Hub

messari-deep-research

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a bash script that executes local commands such as mkdir for directory creation and calls the mp CLI tool to interact with the Messari API.
  • [EXTERNAL_DOWNLOADS]: The workflow communicates with api.messari.io, a well-known industry data provider, to initiate research jobs and retrieve completed reports.
  • [PROMPT_INJECTION]: The skill processes and displays content returned from an external API, which constitutes an indirect prompt injection surface.
  • Ingestion points: Data is received from the Messari API response (SKILL.md).
  • Boundary markers: No explicit delimiters or safety instructions are provided to the agent to treat the fetched research content as untrusted (SKILL.md).
  • Capability inventory: The skill possesses filesystem access via bash redirection and the mkdir command (SKILL.md).
  • Sanitization: No specific sanitization or validation of the external JSON data is performed before it is saved or presented (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 10:25 PM