longbridge-alert
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows security best practices.\n- [COMMAND_EXECUTION]: Executes the
longbridgecommand-line tool. This behavior is consistent with the skill's purpose as a terminal interface for Longbridge alerts.\n- [EXTERNAL_DOWNLOADS]: Provides a link to the official Longbridge terminal GitHub repository for installation. This targets a legitimate vendor resource related to the skill's author.\n- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via user-supplied symbols or prices. However, this is mitigated by a mandatory two-step verification process:\n - Ingestion points: User-provided symbol, price, and alert ID in SKILL.md.\n
- Boundary markers: A mandatory two-turn protocol requiring the agent to preview the action and wait for an explicit confirm or yes from the user.\n
- Capability inventory: Uses
longbridge alertCLI for mutating operations.\n - Sanitization: Instructions to reject ambiguous prompts and request specific details from the user.
Audit Metadata