macro-intelligence
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill aggregates data from several external market and news services including FRED (St. Louis Fed), Finnhub, Polymarket, 6551.io, and a news relay at newsnow.busiyi.world. These connections are necessary for its documented purpose of providing unified macro intelligence.
- [SAFE]: The skill provides explicit instructions in SKILL.md to establish a security boundary for external data. It instructs the agent to treat data as untrusted and only process specific enumerated fields, which is a best practice for preventing indirect prompt injection.
- [SAFE]: The web dashboard (dashboard.html) includes a dedicated HTML escaping function ('esc') to sanitize external news content before rendering, effectively protecting against potential Cross-Site Scripting (XSS) attacks.
- [SAFE]: All sensitive credentials (API keys) are managed through environment variables or interactive setup, and persistent state is confined to a local 'state' directory with no unauthorized file system access or hardcoded secrets detected.
Audit Metadata