portfolio-syncing

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands, specifically using fd for file discovery, head for content classification, and mv/rm for managing CSV files within the ~/Downloads/ and notebooks/updates/ directories.
  • [COMMAND_EXECUTION]: The skill runs a local integration tool via uv run python -m src.integrations.snaptrade.cli to fetch live financial data, which is within the scope of its stated portfolio-syncing purpose.
  • [SAFE]: The skill identifies and accesses sensitive data sources, including the user's Downloads folder for broker exports and the .env file for SnapTrade credentials. These operations are essential for the skill's primary function and are handled via standard configuration paths.
  • [SAFE]: Extensive safety controls are implemented, including 'Safety Gates' (STOP conditions) that halt the workflow and require user confirmation if quantity or cost basis changes exceed defined thresholds (e.g., >10% or >20%).
  • [SAFE]: The skill enforces 'Formula Protection' by explicitly identifying 'Sacred Columns' in Google Sheets that contain GOOGLEFINANCE formulas and prohibiting the agent from writing to those ranges.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 02:54 PM