strategy-discovery-backtest

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill mentions using 'yfinance' and 'ccxt' for fetching market data. These are standard, well-known Python libraries used for accessing financial and cryptocurrency exchange data.
  • [COMMAND_EXECUTION]: Instructions specify running backtest scripts from a 'backtests/' directory. This is expected behavior for a tool designed to perform quantitative analysis and strategy simulation.
  • [DYNAMIC_EXECUTION]: The pipeline includes generating strategy specifications and performing 'vectorized runs' on data. This implies the generation and execution of data science scripts (e.g., Python/Pandas), which is the primary intended function of the skill.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes strategy hypotheses which may come from untrusted user input or other analyst skills.
  • Ingestion points: Strategy requests ('trade X'), signals, and signal hypotheses.
  • Boundary markers: None explicitly defined in the prompt template, though the output format is structured (XML-like tags).
  • Capability inventory: File writes to 'backtests/' and 'strategy/' directories, and execution of backtest scripts.
  • Sanitization: No explicit sanitization of input signals is mentioned; the skill relies on the backtest process itself to invalidate malicious or poor-quality signals by demonstrating a lack of performance ('FAIL').
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 08:08 AM
Security Audit — agent-trust-hub — strategy-discovery-backtest