prediction-trade-journal
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to the Simmer Markets API (api.simmer.markets) to synchronize trade records and resolve market outcomes. This is the primary function of the skill and uses a well-known service domain.
- [DATA_EXFILTRATION]: The skill transmits the user's SIMMER_API_KEY to the official API for authentication. No evidence was found of sensitive data being sent to unauthorized or unknown third-party destinations.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted market data from the Simmer API (market questions and descriptions).
- Ingestion points: External data enters through API responses in tradejournal.py.
- Boundary markers: None; market questions are printed directly to the terminal.
- Capability inventory: The skill is limited to data storage and reporting; it does not contain high-risk capabilities like arbitrary command execution that could be exploited via malicious market descriptions.
- Sanitization: API content is displayed as-is without filtering, representing a minimal surface for indirect prompt injection.
Audit Metadata