crypto
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, NO_CODE)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation instructs the installation of 'ccxt' (pip3 install ccxt --user). CCXT is a widely trusted, high-reputation open-source library for crypto exchange interaction.
- [NO_CODE] (INFO): The primary logic file 'scripts/crypto.py' mentioned throughout the documentation is missing from the provided context. This assessment is based on the instructions, metadata, and reference files provided.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill fetches data from external crypto exchange APIs, creating an ingestion point for untrusted data.
  - Ingestion points: Real-time ticker and orderbook data fetched from remote exchanges (scripts/crypto.py).
  - Boundary markers: None identified in the instructional content.
  - Capability inventory: Logic displays data and writes to a local config file (~/.config/crypto/alerts.json).
  - Sanitization: Unverifiable due to missing script source, but risk is naturally mitigated by the numeric nature of the primary data payload.
- [DATA_EXPOSURE] (INFO): The skill stores local state in '~/.config/crypto/alerts.json'. This is a standard practice for CLI-based monitoring tools and does not target sensitive system credentials.