trade
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill automates the setup of its execution environment by installing the Bun runtime if it is missing.
- Evidence: Executes
curl -fsSL https://bun.sh/install | bashwithin the SKILL.md preflight steps and onboard.ts script. This is a standard installation method for the runtime from its official domain. - [EXTERNAL_DOWNLOADS]: Fetches required tools and metadata from well-known services.
- Evidence: Downloads dependencies from bun.sh and fetches data from established platforms including YouTube and X (Twitter) to perform extraction.
- [DATA_EXFILTRATION]: Transmits extracted content and trade data to the service's primary domain.
- Evidence: Sends source transcripts, metadata, and trade parameters to the paste.trade API. This behavior is documented and necessary for the skill's primary function of tracking market claims.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its handling of untrusted web data.
- Ingestion points: untrusted data enters via URL extraction in
extract.tsanddiarize.ts. - Boundary markers: markers are generally absent when the agent reads the extracted source text.
- Capability inventory: the skill can execute shell commands via the Bash tool, perform network operations using
fetch(), and write to the local filesystem usingBun.write(). - Sanitization: extraction results are subjected to strict JSON schema validation in
validate.tsbefore being saved or posted to the backend.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata