liberfi-predict
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies silent installation of the '@liberfi.io/cli' npm package if the tool is not found. This package is owned by the skill's author and is essential for its operation.
- [COMMAND_EXECUTION]: The skill extensively uses shell commands via the 'lfi' CLI, passing user-provided inputs as arguments. The implementation relies on the platform's handling of these inputs to prevent standard command injection.
- [PROMPT_INJECTION]: The skill contains routing instructions designed to ensure that any mention of specific keywords ('Polymarket', 'Kalshi') is handled by this skill, overriding default agent behavior.
- [PROMPT_INJECTION]: There is an indirect prompt injection surface as the skill processes and displays data from external market APIs.
  - Ingestion point: output from various 'lfi predict' commands in SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Order placement and cancellation via 'lfi predict *-place' and 'lfi predict cancel' in SKILL.md.
  - Sanitization: Not specified.
  - Mitigation: Mandatory user confirmation for all financial transactions serves as a primary control.