leapcat
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes platform-specific tasks by running
npx leapcat@0.1.1. This is the intended method for interacting with the Leapcat API and managing user sessions, trades, and portfolio data. - [EXTERNAL_DOWNLOADS]: Each command involves downloading or verifying the
leapcatpackage from the npm registry. The skill uses a pinned version (0.1.1) to ensure execution environment stability and prevent automatic updates to unverified versions. - [DATA_EXFILTRATION]: The KYC skill includes an
uploadcommand that reads local files and transmits them to Leapcat's servers. While this involves moving local data to a remote endpoint, it is a required functionality for identity verification (Know Your Customer) and is constrained to user-provided file paths. - [PROMPT_INJECTION]: The skill processes untrusted external data from market quotes and search results, creating a surface for indirect prompt injection.
- Ingestion points: Market data retrieved via
market quote,market stocks, andportfolio positionscommands. - Boundary markers: Instructions specify using the
--jsonflag for data parsing, but no explicit delimiters are used to separate untrusted data from the agent's system prompt. - Capability inventory: The agent has the ability to execute shell commands via the
npxinterface. - Sanitization: There is no evidence of automated sanitization or filtering of the market data strings within the skill instructions.
Audit Metadata