crypto-tracker

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill accepts untrusted user input for the 'user_id' parameter, which is stored and later echoed in various command outputs.
    • Ingestion Point: The 'user_id' argument in the 'alert' command in 'scripts/crypto.py'.
    • Boundary Markers: The skill does not use delimiters or provide instructions to the agent to ignore instructions embedded within the user IDs when they are displayed in 'alerts', 'check-alerts', or 'list-all' outputs.
    • Capability Inventory: The script can write to the local filesystem ('save_alerts') and initiate network requests via 'httpx'.
    • Sanitization: No input validation or sanitization is performed on the 'user_id' parameter.
  • [DATA_EXFILTRATION]: Exposure of Personally Identifiable Information (PII). The provided example data in 'data/alerts.json' contains real-world formatting for phone numbers in the 'user_id' field. Storing such sensitive data in a plain JSON file and echoing it to the console increases the risk of data exposure.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 11:37 AM