crypto-levels
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
Full Analysis
- [Category 8: Indirect Prompt Injection] (LOW): The skill ingests untrusted external data (cryptocurrency market data from APIs) and user-provided symbols. Analysis of the ingestion surface shows it is restricted to technical analysis calculations and display. Capability inventory reveals no high-privilege side effects like arbitrary file writing or command execution based on external content. Boundary markers and sanitization (normalization of pair strings) are present in the provided scripts.
- [Category 4: Unverifiable Dependencies] (LOW): The skill declares a dependency on the standard
requestslibrary (>=2.25.0) in its metadata. Installation instructions use standard ecosystem patterns (ClawHub or git clone). - [Category 2: Data Exposure] (INFO): Analysis results are written to local temporary files (e.g.,
/tmp/crypto_analysis_manual.json). These files contain only market data and technical calculations, with no sensitive user information or hardcoded credentials detected. - [SAFE] (SAFE): No indicators of obfuscation, persistence, privilege escalation, or malicious code were found across the scripts or documentation.
Audit Metadata