fastmoss-market

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is well-documented and follows clear, non-malicious patterns for data extraction from a specific domain (fastmoss.com).
  • [COMMAND_EXECUTION]: The skill uses Python scripts to perform data collection. These scripts use standard libraries (json, urllib, csv) to communicate with a local bridge service (kimi-webbridge) at 127.0.0.1:10086. This is a standard architectural pattern for browser-automated data collection.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from FastMoss JSON APIs. All network requests are directed to the primary target domain (www.fastmoss.com) and are used solely to retrieve market analytics data as described in the skill's purpose.
  • [DATA_EXFILTRATION]: No evidence of data exfiltration was found. Collected data is stored locally in user-specified paths (CSV and JSON files). No credentials or sensitive environment variables are accessed or transmitted.
  • [PROMPT_INJECTION]: The skill instructions do not contain any patterns attempting to override agent behavior, bypass safety filters, or extract system prompts.
  • [DYNAMIC_EXECUTION]: The skill uses a page-context execution pattern where JavaScript is sent to a browser bridge. The JavaScript template is static and uses proper JSON-encoding for parameter injection (URLs), which prevents script injection vulnerabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:23 AM
Security Audit — agent-trust-hub — fastmoss-market