get-prediction-markets
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill documentation includes an example API key string (
wm_0123456789abcdef0123456789abcdef01234567). This string follows a sequential hexadecimal pattern and serves as a clearly identifiable placeholder for developers rather than a functional sensitive credential. - [EXTERNAL_DOWNLOADS]: The skill is designed to fetch data from
api.worldmonitor.app. This network communication is the primary and disclosed purpose of the skill for retrieving live market data. - [INDIRECT_PROMPT_INJECTION]: The agent is instructed to process external data (market titles and probabilities) retrieved from the World Monitor API. While this introduces a surface for indirect prompt injection if the API returns malicious strings, the impact is minimized by the skill's specific focus on numerical and geopolitical data.
- Ingestion points: Data enters via the
marketsarray in the JSON response fromapi.worldmonitor.app(SKILL.md). - Boundary markers: None present; the agent parses the
titleandyesPricefields directly. - Capability inventory: The agent uses the data to answer user queries; no file system or shell execution capabilities are triggered by the data ingestion.
- Sanitization: None described in the instructions.
Audit Metadata