Skills
skills/star23/day1global-skills/btc-bottom-model/Gen Agent Trust Hub

btc-bottom-model

Fail

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill identifies https://brief.day1global.xyz/api/btc-score as its primary data source for Bitcoin metrics. This URL is currently blacklisted by security scanners, posing a risk when the agent fetches remote content during skill execution.
  • [DATA_EXFILTRATION]: The skill initiates network requests to a domain flagged as malicious. Interaction with blacklisted infrastructure can be leveraged for unauthorized data transmission or as a channel for command-and-control activities.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from an untrusted and blacklisted API. The external content is interpolated into the agent's final response without sanitization or protective boundary markers.
  • Ingestion points: External data retrieved from the https://brief.day1global.xyz/api/btc-score endpoint (SKILL.md).
  • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands in the fetched data.
  • Capability inventory: The agent uses the external data to perform calculations and generate market heat reports with specific buy/sell recommendations.
  • Sanitization: None. The skill lacks validation or filtering of the response received from the external API.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 15, 2026, 12:31 PM