@554/lunarcrush
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves and processes untrusted third-party content from social media platforms and news aggregators, presenting a surface for indirect prompt injection.
- Ingestion points: External data enters the agent context via multiple tools, including lunar_topic_posts, lunar_topic_news, lunar_category_posts, and lunar_search_content, which fetch raw text from the LunarCrush API (documented in tools/topics.py, tools/creators.py, and tools/coins.py).
- Boundary markers: The skill does not implement explicit delimiters or instructions to the model to ignore potential commands embedded in the retrieved social content.
- Capability inventory: Across all files, the skill is limited to performing data retrieval and formatting. There are no tools for file system modification, arbitrary command execution, or other high-risk capabilities that could be exploited via injection.
- Sanitization: Retrieved data is formatted into structured dictionaries but does not undergo sanitization to filter out malicious natural language instructions.
Audit Metadata