byted-market-insight-agent
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts in the scripts/ directory to facilitate API communication with vendor endpoints. These operations are performed using standard libraries and target official ByteDance/Volcengine domains.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes untrusted data from external public sources via the PullPost and QueryClueInfo APIs. Ingestion points: scripts/pull_post_python.py and scripts/query_clue_info.py. Boundary markers: Absent. Capability inventory: Network requests and content summarization. Sanitization: Absent. This risk is inherent to the market analysis use case and managed through official API integration.
- [SAFE]: The skill correctly instructs users to manage sensitive credentials like API keys through environment variables, avoiding hardcoding practices.
Audit Metadata