prediction-markets-dome
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands using
python3to parse local configuration data andcurlto interact with the service API endpoints as defined inSKILL.md. - [EXTERNAL_DOWNLOADS]: References the use of
npxfor setup and authentication tasks involving thegooseworksandgoose-skillspackages. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes market titles and descriptions from external platforms.
- Ingestion points: API data from Polymarket and Kalshi (e.g.,
/polymarket/markets,/kalshi/markets) referenced inSKILL.md. - Boundary markers: None implemented in the instruction templates.
- Capability inventory:
curlsubprocess calls are used to fetch the data. - Sanitization: No sanitization or escaping of the ingested market data is specified.
Audit Metadata