market-data
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious code, obfuscation, or safety bypass attempts were detected. the skill performs standard informational queries to public APIs.
- [NO_CODE]: This skill definition is provided entirely in markdown format and contains no associated Python, JavaScript, or shell scripts.
- [PROMPT_INJECTION]: The skill possesses a potential surface for indirect prompt injection as it ingests data from external sources such as the CoinGecko API and blockchain contracts. However, this risk is inherent to its primary purpose.
- Ingestion points: External data is retrieved via CoinGecko API calls and blockchain read operations using
read_contract. - Boundary markers: The skill documentation does not specify the use of delimiters or boundary markers to isolate untrusted external content.
- Capability inventory: Capabilities are limited to data lookup and search; there are no dangerous capabilities such as file system writes or command execution.
- Sanitization: No specific data validation or sanitization procedures are mentioned in the skill definition.
Audit Metadata