funding-signal-monitor
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches real-time funding data from the public Hacker News Algolia API (hn.algolia.com).
- [COMMAND_EXECUTION]: Orchestrates the search process by executing specialized scripts from related skills including twitter-mention-tracker, reddit-post-finder, and hacker-news-scraper.
- [PROMPT_INJECTION]: The skill processes untrusted external content from social media and web forums, presenting a surface for indirect prompt injection.
- Ingestion points: Aggregates unstructured data from Twitter, Reddit, Hacker News, and general web searches in Phase 2.
- Boundary markers: The prompt instructions in Phase 3 and 4 do not specify delimiters (e.g., XML tags or triple backticks) to isolate the untrusted external content from the agent's instructions.
- Capability inventory: Resulting data is used to generate outreach reports, write to Google Sheets, and can be passed to subsequent outreach skills.
- Sanitization: The provided Python script filters for funding stages and dollar amounts but does not sanitize the input text for malicious instruction patterns.