prediction-markets-dome

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands using python3 to parse local configuration data and curl to interact with the service API endpoints as defined in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: References the use of npx for setup and authentication tasks involving the gooseworks and goose-skills packages.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes market titles and descriptions from external platforms.
  • Ingestion points: API data from Polymarket and Kalshi (e.g., /polymarket/markets, /kalshi/markets) referenced in SKILL.md.
  • Boundary markers: None implemented in the instruction templates.
  • Capability inventory: curl subprocess calls are used to fetch the data.
  • Sanitization: No sanitization or escaping of the ingested market data is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — prediction-markets-dome