ito-basket-compare
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [NO_CODE]: The skill consists exclusively of markdown instructions (SKILL.md) and does not contain any scripts, binaries, or automated installation steps.
- [DATA_EXFILTRATION]: Access to the Itô API is managed via an environment variable (ITO_API_KEY) for read-only purposes. The instructions explicitly forbid accessing private documents without user direction and mandate summarizing financial data to preserve privacy.
- [PROMPT_INJECTION]: The skill includes robust guardrails that prevent the agent from providing investment advice, sizing trades, or executing orders, which helps mitigate risks of the agent being manipulated into performing financial transactions.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest external user data such as portfolio notes, research memos, and CRM context (SKILL.md).
  - Ingestion points: Portfolio notes, research memos, CRM context, and knowledge base snippets.
  - Boundary markers: Absent.
  - Capability inventory: Read-only data retrieval from Itô API (SKILL.md).
  - Sanitization: Absent.