opportunity-scanner
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the AI agent to dynamically create executable scripts on the local filesystem. Evidence includes the instructions in 'references/source-code-v5.md' to extract Python and Shell code blocks into 'scripts/opportunity-scan-v5.py' and 'scripts/opportunity-report.sh' followed by 'chmod +x' and execution commands.
- [COMMAND_EXECUTION]: The skill implements persistence by directing the agent to configure a cron job for automated, recurring execution of the scanning pipeline. Evidence is found in the 'Cron Setup' section of 'SKILL.md'.
- [PROMPT_INJECTION]: The skill presents a vulnerability to indirect prompt injection due to its ingestion of external API data that is later processed by the LLM.
  - Ingestion points: Data is fetched from Hyperliquid API endpoints, including 'metaAndAssetCtxs', 'leaderboard_get_markets', and candle history.
  - Boundary markers: The skill does not implement delimiters or 'ignore' instructions for the data interpolated into the LLM report.
  - Capability inventory: The skill possesses capabilities for shell command execution, local file system read/write, and network operations.
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the external API content before it is presented to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata