crypto-research
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is professionally structured with clear separation of concerns among specialized agents. It follows security best practices, such as using restricted tool parameters and providing explicit guidance on handling untrusted data. No evidence of data exfiltration, unauthorized persistence, or malicious code execution was found.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection because it fetches external content via
WebSearchandWebFetch. However, the author has implemented a dedicated guardrail section inSKILL.mdthat instructs the agent to treat fetched data as raw input, ignore any embedded directives, and flag potential injection attempts. - [COMMAND_EXECUTION]: Benign shell command usage is present for filesystem organization (creating timestamped directories) and reporting (running the
datecommand). These operations are appropriately scoped and do not present a risk of command injection or privilege escalation. - [DATA_EXFILTRATION]: No sensitive file access or unauthorized network operations were detected. The skill's primary activity involves writing research reports to a local
outputs/directory for user review.
Audit Metadata