launch-alert-bot
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The workflow requires the agent to process untrusted external data sources, creating a significant injection surface. * Ingestion points: The skill ingests token metadata, DEX events, and social signals as defined in the Workflow and Failure Modes sections. * Boundary markers: There are no specified delimiters or 'ignore' instructions for the agent when handling these external strings. * Capability inventory: The agent is instructed to send formatted alerts to external platforms like Slack, Telegram, and X. * Sanitization: No sanitization, escaping, or schema validation is mentioned for the ingested data before output.
- [No Code] (INFO): The skill consists entirely of markdown instructions and does not include scripts, executables, or configuration files. While this prevents direct malicious execution within the skill itself, it delegates security responsibility entirely to the agent's implementation of the described logic.
Audit Metadata