signals
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the `sn` command-line utility from the vendor's Homebrew tap located at `github.com/Spot-Canvas/sn`.
- [COMMAND_EXECUTION]: Uses Bash to configure the `sn` utility and execute commands for subscribing to live signal streams and processing JSON output.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing data from an external signal stream.
  - Ingestion points: Live signal payloads received via `sn signals` in `SKILL.md`.
  - Boundary markers: No delimiters or safety instructions are specified for handling the contents of the signal payloads.
  - Capability inventory: The agent is expected to make trading decisions based on signal data and has the ability to execute network operations via `curl`.
  - Sanitization: There is no evidence of sanitization for natural language fields like `reason` or `risk_reasoning`, which could contain malicious instructions if the upstream signal provider is compromised.
Audit Metadata