MonteCarlo
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The skill implements a workflow that modifies the `dividend_margin_monte_carlo.py` source code at runtime by interpolating values parsed from external files (Step 3 in RunSimulation and Step 5 in IncorporateBuyTicket). The modified script is then executed using `uv run`. This pattern of script generation and subsequent execution is a known vector for code injection.
- [DATA_EXFILTRATION]: The skill accesses sensitive financial documents, including Fidelity position and balance CSV files. These files contain account numbers, holdings, and portfolio values. While the skill does not currently demonstrate network exfiltration, it facilitates the exposure of high-value financial data to the agent's context.
- [COMMAND_EXECUTION]: The agent uses shell commands to find files (`ls`), determine the date, and execute Python scripts using the `uv` package manager.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its processing of untrusted local data.
  - Ingestion points: Data is ingested from `notebooks/updates/Portfolio_Positions_*.csv` and markdown files located in `fin-guru-private/fin-guru/tickets/`.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to ignore embedded commands within the processed files.
  - Capability inventory: The skill possesses the capability to read sensitive files, write/edit local Python scripts, and execute code in the shell environment.
  - Sanitization: The parsing logic performs basic regex cleanup for currency symbols but does not validate ticker symbols or other metadata fields before they are interpolated into executable Python code.
Audit Metadata