agentic-fund-orchestration

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external market and macro data, which introduces an indirect prompt injection attack surface where malicious data from external sources could theoretically influence agent behavior.
  • Ingestion points: Market prices are fetched from yfinance and macroeconomic data from FRED.
  • Boundary markers: The skill uses a structured JSON 'shared state object' to coordinate agents, which serves as a delimiter for facts versus reasoning.
  • Capability inventory: The orchestration loop includes an execution stage capable of placing orders via Alpaca or Interactive Brokers (IBKR) APIs.
  • Sanitization: The architecture implements significant mitigations, including mandatory human approval for all trades and a deterministic risk layer with a hard kill switch that operates outside the influence of the LLM.
  • [SAFE]: The skill explicitly mandates 'human-in-the-loop' operation, requiring a human to approve all proposed trades before execution, which prevents autonomous unauthorized financial actions.
  • [SAFE]: Risk management and safety caps are implemented as deterministic code outside the LLM, ensuring that the AI agents cannot override critical safety constraints or the 'kill switch'.
  • [SAFE]: External references to financial data services (yfinance, FRED) and brokerage platforms (Alpaca, IBKR) are standard for the described use case and do not involve untrusted code execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — agentic-fund-orchestration