ta-lib

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains setup instructions that involve executing commands with sudo for system package management and library installation.
  • [EXTERNAL_DOWNLOADS]: The skill documentation includes steps to download the TA-Lib source archive from its official GitHub repository using wget.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external OHLCV market data.
      • Ingestion points: Market data is ingested in scripts/compute_indicators.py and scripts/pattern_scanner.py.
      • Boundary markers: The current scripts do not implement explicit delimiters or instruction-override warnings for ingested data.
      • Capability inventory: Scripts perform mathematical computations using NumPy and TA-Lib; no high-risk system capabilities are exposed to ingested data content.
      • Sanitization: Input data is strictly cast to float64 before processing, which prevents non-numeric instruction execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 21, 2026, 02:36 PM