taapi
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs HTTP GET and POST requests to
https://api.taapi.iousing the system's proxied client. This is the intended behavior for fetching technical indicators from the TaAPI well-known service.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from an external source.\n - Ingestion points: Data is retrieved from the TaAPI API in
tools/indicators.pyandtools/support_resistance.py.\n - Boundary markers: Indicator data is output in JSON or concise string formats; specific delimiters to isolate data from agent instructions are not explicitly used.\n
- Capability inventory: Includes network access via
proxied_getandproxied_postacross multiple scripts.\n - Sanitization: The skill validates JSON structure. While no natural language instruction filtering is present, the numeric and technical nature of the data source poses a negligible risk.\n- [SAFE]: The skill does not contain hardcoded credentials, obfuscation, or persistence mechanisms. It correctly manages authentication using environment variables and lacks any unauthorized command execution patterns.
Audit Metadata