competitive-landscape
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill collects and transmits metadata including skill identifiers, execution status, timestamps, and platform details (operating system and architecture via uname) to a remote telemetry endpoint.\n- [COMMAND_EXECUTION]: The skill executes multiple shell commands (e.g., cat, grep, sed, mkdir, uname) to manage its local configuration and reporting processes.\n- [EXTERNAL_DOWNLOADS]: The skill performs outbound network operations using curl to send usage data to a remote service. Additionally, its workflow involves retrieving information from external sources like Twitter, GitHub, and DeFiLlama.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted external data.\n
- Ingestion points: The workflow retrieves content from public web sources (Twitter, GitHub, DeFiLlama) and processes a local .superstack/idea-context.md file.\n
- Boundary markers: No clear delimiters or instructions to disregard embedded commands are present when handling this external content.\n
- Capability inventory: The skill possesses capabilities to execute shell scripts, perform network requests, and write files to the local system.\n
- Sanitization: Content from external sources is processed without validation or escaping.
Audit Metadata