skills/aibtcdev/skills/stacks-market/Gen Agent Trust Hub

stacks-market

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the external domain https://api.stacksmarket.app in stacks-market.ts to retrieve market listings, search results, and specific market details via REST API calls.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing untrusted data from an external source.
  • Ingestion points: Market titles, descriptions, and category data are fetched from the stacksmarket.app API and returned to the agent context.
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched market data.
  • Capability inventory: The skill possesses significant capabilities, including the ability to sign and broadcast blockchain transactions (buy-yes-auto, buy-no-auto, sell-yes-auto, sell-no-auto, and redeem) using an unlocked wallet.
  • Sanitization: The data is parsed as JSON and displayed, but no specific sanitization or filtering is performed to prevent instructions embedded in market descriptions from influencing agent behavior.
  • [COMMAND_EXECUTION]: The skill explicitly uses PostConditionMode.Allow for Stacks blockchain transactions. While this is documented as necessary for the contract's internal logic (transferring funds between the sender, pool, and fee wallets), it represents a broader permission set than specific post-conditions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 12:51 AM
Security Audit — agent-trust-hub — stacks-market