tax-loss-harvesting

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety guidelines were detected. The skill includes mandatory safety disclaimers and strictly defines its scope as general tax information.
  • [DATA_EXFILTRATION]: No sensitive file access or network operations are present. The skill mentions third-party financial APIs and libraries (e.g., yfinance, Alpaca, IBKR) only for informational purposes regarding automation.
  • [REMOTE_CODE_EXECUTION]: No external scripts, package installations, or remote code patterns are present in the skill instructions.
  • [COMMAND_EXECUTION]: The skill contains no shell commands, subprocess calls, or system interactions.
  • [OBFUSCATION]: No obfuscation techniques such as Base64, hex encoding, or zero-width characters were found in the file content.
  • [INDIRECT_PROMPT_INJECTION]: While the skill instructions are designed to process user-provided financial data (positions, cost basis), the skill lacks any executable capabilities (file writes, network sends, or code execution) that could be leveraged for an attack.
  • [SAFE]: The skill is a documentation-only asset that provides logic for personal finance automation without including any risky functional components.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 08:08 AM
Security Audit — agent-trust-hub — tax-loss-harvesting