blave-quant
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists exclusively of Markdown documentation and reference materials; no executable code, binaries, or scripts are included in the package files.- [SAFE]: A mandatory safety protocol is enforced in SKILL.md, overriding all other instructions, requiring the agent to obtain explicit user confirmation (case-sensitive 'CONFIRM') before executing any order, cancel, or transfer.- [PROMPT_INJECTION]: The skill processes untrusted external data from financial market APIs, representing a surface for indirect prompt injection (Category 8). This is mitigated by the enforced safety confirmation gate for all capability-heavy actions.
- Ingestion points: Market alpha indicators, ticker data, and trader history fetched from external exchange and data APIs as documented in SKILL.md and references/blave-api.md.
- Boundary markers: Present. Instructions in SKILL.md mandate a confirmation summary and explicitly tell the agent to refuse autonomous trading loops.
- Capability inventory: Network requests (via Python requests library) and local script execution (via python3) are documented in SKILL.md and references/marketplace.md.
- Sanitization: Absent. The skill relies on the human confirmation requirement rather than input filtering for safety.
Audit Metadata