stacks-market
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the external domain
https://api.stacksmarket.appinstacks-market.tsto retrieve market listings, search results, and specific market details via REST API calls. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing untrusted data from an external source.
- Ingestion points: Market titles, descriptions, and category data are fetched from the
stacksmarket.appAPI and returned to the agent context. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched market data.
- Capability inventory: The skill possesses significant capabilities, including the ability to sign and broadcast blockchain transactions (
buy-yes-auto,buy-no-auto,sell-yes-auto,sell-no-auto, andredeem) using an unlocked wallet. - Sanitization: The data is parsed as JSON and displayed, but no specific sanitization or filtering is performed to prevent instructions embedded in market descriptions from influencing agent behavior.
- [COMMAND_EXECUTION]: The skill explicitly uses
PostConditionMode.Allowfor Stacks blockchain transactions. While this is documented as necessary for the contract's internal logic (transferring funds between the sender, pool, and fee wallets), it represents a broader permission set than specific post-conditions.
Audit Metadata