get-prediction-markets

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill documentation includes an example API key string (wm_0123456789abcdef0123456789abcdef01234567). This string follows a sequential hexadecimal pattern and serves as a clearly identifiable placeholder for developers rather than a functional sensitive credential.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch data from api.worldmonitor.app. This network communication is the primary and disclosed purpose of the skill for retrieving live market data.
  • [INDIRECT_PROMPT_INJECTION]: The agent is instructed to process external data (market titles and probabilities) retrieved from the World Monitor API. While this introduces a surface for indirect prompt injection if the API returns malicious strings, the impact is minimized by the skill's specific focus on numerical and geopolitical data.
  • Ingestion points: Data enters via the markets array in the JSON response from api.worldmonitor.app (SKILL.md).
  • Boundary markers: None present; the agent parses the title and yesPrice fields directly.
  • Capability inventory: The agent uses the data to answer user queries; no file system or shell execution capabilities are triggered by the data ingestion.
  • Sanitization: None described in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 02:46 PM
Security Audit — agent-trust-hub — get-prediction-markets