find-next-crypto-idea

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands in the preamble and telemetry sections to manage session state and local logs in the user's home directory under ~/.superstack.
  • [COMMAND_EXECUTION]: Invokes local Python scripts scripts/live_research.py and scripts/render_report.py to perform market research and generate HTML artifacts.
  • [DATA_EXFILTRATION]: Performs telemetry by sending session metadata to a remote endpoint via curl. The target URL is dynamically retrieved from the user's local configuration file ~/.superstack/config.json.
  • [EXTERNAL_DOWNLOADS]: Recommends the execution of npx bird, which involves downloading and running the bird.fast package from the NPM registry at runtime.
  • [PROMPT_INJECTION]: The skill ingests untrusted external data from the Helius blog and social media search results, creating a surface for indirect prompt injection.
      • Ingestion points: references/research-playbook.md (Helius blog fetch) and bird search results.
      • Boundary markers: Absent.
      • Capability inventory: Shell command execution, network requests via curl, and local file writing (.html, .jsonl, .md).
      • Sanitization: No evidence of sanitization or validation of the fetched external content is present.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 03:26 PM