monte-carlo

Warn

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses highly sensitive financial data including Fidelity position CSVs (Portfolio_Positions_*.csv) and account balance files (Balances_for_Account_*.csv). These files contain account numbers, tickers, quantities, and current market values, creating a high risk of data exposure.
  • [COMMAND_EXECUTION]: The workflows explicitly use shell commands to discover files (ls -t, ls -la), retrieve system information (date), and execute Python scripts using the uv package manager (uv run python).
  • [REMOTE_CODE_EXECUTION]: The skill employs a dangerous dynamic code modification pattern. In both RunSimulation.md and IncorporateBuyTicket.md, the agent is instructed to edit the source code of fin-guru-private/strategies/dividend_margin_monte_carlo.py to inject variables parsed from external files. While PortfolioParser.md suggests numeric conversion, the workflow lacks enforced validation, potentially allowing malicious content in a CSV or Buy Ticket to inject arbitrary Python code into the strategy file before execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests data from external, untrusted sources (Fidelity CSV exports and Markdown buy tickets) and uses that data to influence internal logic and code execution. The absence of strict boundary markers or sanitization between the data ingestion and the code modification step creates an exploitable attack surface.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 27, 2026, 02:54 PM