funding-signal-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted web data from Hacker News, Twitter, and Reddit without boundary markers, creating a surface for indirect prompt injection where malicious instructions embedded in web content could influence agent behavior. (Ingestion points: search_funding.py, web scrapers; Boundary markers: None; Capability inventory: web-search, apify-search; Sanitization: Regex extraction of specific data fields).
- [COMMAND_EXECUTION]: The skill executes shell commands to invoke helper scripts for scraping and data processing, which is standard behavior for its intended modular functionality.
- [EXTERNAL_DOWNLOADS]: Fetches funding announcement data from well-known services including Algolia's Hacker News API and Apify scraping tools. Dependencies like the 'requests' package are installed via standard package managers.