Skills
skills/niceck/hhxg-top-hhxg-python/hhxg-market/Gen Agent Trust Hub

hhxg-market

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's scripts fetch market data in JSON format from https://hhxg.top/static/data. This connection to a third-party domain is necessary for the skill to retrieve live financial information.
  • [COMMAND_EXECUTION]: The skill is configured to use the Bash tool as stated in its metadata. It instructs the agent to run Python scripts via the shell. Furthermore, the screenshots/gen_screenshots.py developer script uses subprocess.run to execute other local scripts.
  • [PROMPT_INJECTION]: The skill processes data from a remote API to generate market summaries, which introduces a surface for indirect prompt injection.
  • Ingestion points: scripts/_common.py (fetching from hhxg.top).
  • Boundary markers: None identified in the instructional content.
  • Capability inventory: Bash shell tool access.
  • Sanitization: Data is consumed and rendered directly without specific sanitization or filtering logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:47 PM
Security Audit — agent-trust-hub — hhxg-market