base-trader
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted external data (trending tokens, market sentiment, and price data) via the 'Bankr' API to inform trading decisions.
- Ingestion points: Market data, trending token lists, and social sentiment metrics are fetched from external sources via bankr.sh and processed within the agent's context (e.g., in SKILL.md and references/market-research-bankr.md).
- Boundary markers: The instructions lack explicit delimiters or "ignore embedded instructions" warnings for the data returned from the market research tools.
- Capability inventory: The skill has high-impact capabilities, including the ability to execute token purchases and sales on the Base blockchain.
- Sanitization: No evidence of input sanitization or validation of token metadata or sentiment strings is present before these values are used in the agent's reasoning loop.
- [COMMAND_EXECUTION]: The skill executes several shell scripts to perform its core functions. This includes scripts/check-portfolio.sh, scripts/log-trade.sh, and calls to an external dependency bankr.sh located in a different skill folder. These commands are used to query wallet balances, log activity to local JSON files, and execute trades.
- [EXTERNAL_DOWNLOADS]: The README.md provides standard installation instructions using git clone from a GitHub repository (github.com/tedkaczynski-the-bot/base-trader.git) and the clawdhub package manager. While these involve external network operations, they are part of the initial setup and do not constitute unverified runtime downloads or remote code execution.