portfolio-syncing
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands, specifically using
fdfor file discovery,headfor content classification, andmv/rmfor managing CSV files within the~/Downloads/andnotebooks/updates/directories. - [COMMAND_EXECUTION]: The skill runs a local integration tool via
uv run python -m src.integrations.snaptrade.clito fetch live financial data, which is within the scope of its stated portfolio-syncing purpose. - [SAFE]: The skill identifies and accesses sensitive data sources, including the user's Downloads folder for broker exports and the
.envfile for SnapTrade credentials. These operations are essential for the skill's primary function and are handled via standard configuration paths. - [SAFE]: Extensive safety controls are implemented, including 'Safety Gates' (STOP conditions) that halt the workflow and require user confirmation if quantity or cost basis changes exceed defined thresholds (e.g., >10% or >20%).
- [SAFE]: The skill enforces 'Formula Protection' by explicitly identifying 'Sacred Columns' in Google Sheets that contain GOOGLEFINANCE formulas and prohibiting the agent from writing to those ranges.
Audit Metadata