predictor-hand-skill
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the shell_exec tool to perform platform detection via a Python command string. While the specific command is benign, the availability of this tool enables broader system interaction capabilities.
- [EXTERNAL_DOWNLOADS]: The skill is designed to perform 20-40 web searches and fetches per cycle to collect forecasting signals, which involves connecting to and downloading content from numerous external, untrusted domains.
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection.
  1. Ingestion points: Content is fetched from arbitrary external websites via web_fetch in Phase 2 of the system prompt.
  2. Boundary markers: The instructions lack clear delimiters or warnings for the agent to ignore embedded instructions within the fetched data.
  3. Capability inventory: The agent possesses shell_exec, file_write, and schedule_create tools, which could be exploited if an injection occurs.
  4. Sanitization: No evidence of sanitization, escaping, or validation of the fetched web content is present.
Audit Metadata