prediction-arbitrage-scout
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs well-known Python packages (requests, pandas) and retrieves data from trustworthy financial API endpoints for Polymarket and Kalshi.\n- [COMMAND_EXECUTION] (SAFE): The skill executes its own local Python scripts via Bash. These commands are static and do not include user-controlled or untrusted parameters.\n- [PROMPT_INJECTION] (LOW): The skill presents a surface for Indirect Prompt Injection (Category 8).\n
- Ingestion points: Market names and questions are retrieved from external third-party APIs in fetch_polymarket.py and fetch_kalshi.py.\n
- Boundary markers: External data is placed directly into markdown reports (arbitrage_report.md) without the use of delimiters or 'ignore' instructions.\n
- Capability inventory: The skill uses Bash, WebFetch, and file writing capabilities.\n
- Sanitization: No sanitization or escaping of market names is performed before they are written to reports; an attacker-controlled market name could theoretically contain instructions intended to influence the agent when it subsequently reads the generated report.
Audit Metadata