market-discovery

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests and processes untrusted market data (titles, descriptions, and tags) from the external DOME API, which creates a surface for indirect prompt injection.
      • Ingestion points: Market data enters the system through the fetchMarkets and searchMarkets functions in scripts/marketDiscovery.ts.
      • Boundary markers: The skill does not implement explicit boundary markers or instructions for the agent to ignore potentially malicious content within the fetched data.
      • Capability inventory: The skill possesses network-read capabilities via the fetch API. It does not have file-write, subprocess execution, or dynamic code execution capabilities.
      • Sanitization: No sanitization, escaping, or filtering of the external text content is performed before it is processed or returned.
  • [DATA_EXFILTRATION]: The skill performs network operations to a domain (api.domeapi.io) that is not on the default whitelist for data exfiltration analysis.
      • Evidence: In scripts/marketDiscovery.ts, the makeRequest function uses the global fetch API to communicate with https://api.domeapi.io/v1.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 07:33 AM