polo-spot
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation directs users to provide raw API keys and secrets in a specific text format via file upload. This method of credential intake increases the risk of sensitive data being stored in logs or accidentally exposed within the conversation context.
- [DATA_EXFILTRATION]: The skill includes functionality for fund withdrawal endpoints. While part of the official Poloniex API, this represents a significant security risk as it could be used for unauthorized asset transfer if the agent is compromised or processes malicious input.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection due to its ingestion of external API data. 1. Ingestion points: External data is retrieved from api.poloniex.com (e.g., market data and order history). 2. Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the API data. 3. Capability inventory: The agent has high-privilege permissions including trade execution and fund withdrawals. 4. Sanitization: No validation or sanitization of the external API content is mentioned.
- [NO_CODE]: No executable code or scripts are included in the skill files; the functionality is described through markdown instructions and documentation for the agent.
Audit Metadata