agentic-fund-orchestration
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external market and macro data, which introduces an indirect prompt injection attack surface where malicious data from external sources could theoretically influence agent behavior.
- Ingestion points: Market prices are fetched from yfinance and macroeconomic data from FRED.
- Boundary markers: The skill uses a structured JSON 'shared state object' to coordinate agents, which serves as a delimiter for facts versus reasoning.
- Capability inventory: The orchestration loop includes an execution stage capable of placing orders via Alpaca or Interactive Brokers (IBKR) APIs.
- Sanitization: The architecture implements significant mitigations, including mandatory human approval for all trades and a deterministic risk layer with a hard kill switch that operates outside the influence of the LLM.
- [SAFE]: The skill explicitly mandates 'human-in-the-loop' operation, requiring a human to approve all proposed trades before execution, which prevents autonomous unauthorized financial actions.
- [SAFE]: Risk management and safety caps are implemented as deterministic code outside the LLM, ensuring that the AI agents cannot override critical safety constraints or the 'kill switch'.
- [SAFE]: External references to financial data services (yfinance, FRED) and brokerage platforms (Alpaca, IBKR) are standard for the described use case and do not involve untrusted code execution.
Audit Metadata