messari-alpha-scout
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a bash script and instructions to modify the user's crontab to schedule the script for daily execution, which establishes a persistence mechanism on the host system. \n
- Evidence: Crontab modification command in SKILL.md under the 'Schedule as a daily morning brief' section.\n- [PROMPT_INJECTION]: The skill contains an AI synthesis workflow that interpolates external data from the Messari API directly into an LLM prompt without sanitization or boundary markers, creating a surface for indirect prompt injection.\n
- Ingestion points: Data is fetched from api.messari.io in Steps 1 through 4 of the workflow.\n
- Boundary markers: Absent. The prompt template in Step 5 directly inserts variable outputs (e.g., {step1_output}) into the system and user messages.\n
- Capability inventory: The skill environment has access to the 'mp token swap' command for financial transactions and 'mp x402' for paid API requests.\n
- Sanitization: None identified. The external API responses are passed directly to the LLM.
Audit Metadata