truenorth

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @truenorth-ai/cli package globally using the npm package manager during the installation phase.
  • [COMMAND_EXECUTION]: The skill relies on the tn binary to perform entity recognition and market data retrieval. Commands are executed locally to interface with the TrueNorth public REST API at api.adventai.io.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating raw user messages directly into shell commands (e.g., tn ner "<user message>" --json).
      • Ingestion points: User input is ingested in the SKILL.md file during the named entity recognition (NER) step and passed to the CLI.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the command template.
      • Capability inventory: The skill uses the tn CLI tool which performs network requests to a specific public API.
      • Sanitization: There is no explicit sanitization logic defined within the instructions to escape shell metacharacters in the user input.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 08:12 AM