bitcoin-daily
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script located at `~/workspace/skills/bitcoin-daily/scripts/digest.js` to process and aggregate Bitcoin development data.
- [EXTERNAL_DOWNLOADS]: Fetches mailing list content from Google Groups and commit history from GitHub. These references target well-known services and are documented neutrally as part of the skill's primary data-fetching functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted text from public mailing lists and code repositories which could contain instructions intended to influence the agent's behavior. (1) Ingestion points: Content is retrieved from `groups.google.com/g/bitcoindev` and `github.com/bitcoin/bitcoin`. (2) Boundary markers: No delimiters or protective instructions are utilized to separate external data from the agent's system prompt. (3) Capability inventory: The skill executes a local script and performs file-write operations to the local workspace. (4) Sanitization: No explicit sanitization or validation of the fetched external content is performed before it is processed by the agent.
Audit Metadata