market-analyst
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and process data from external sentiment reports which could contain adversarial instructions embedded by users on Reddit.\n
- Ingestion points: The skill loads and processes all
reddit-sentiment-*.mdfiles found in the/docs/directory.\n - Boundary markers: The documentation does not describe the use of markers, delimiters, or system instructions to ignore embedded prompts within the reports.\n
- Capability inventory: The skill extracts structured data, identifies patterns, and generates comprehensive market opportunity reports based on the ingested text.\n
- Sanitization: There is no evidence of input validation or sanitization to filter out malicious or override instructions from the source files.\n- NO_CODE (SAFE): No executable scripts (Python, Node.js, Shell) or binary files were provided for analysis. The evaluation is based on the functionality described in the
README.mdfile.
Audit Metadata