tradfi-portfolio-manager
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute local Python scripts (
python3 backtests/v3_allocate_today.py) using a hardcoded virtual environment path. This pattern allows for the execution of arbitrary code present in the local repository's script files. - [DATA_EXFILTRATION]: The skill reveals sensitive local directory structures and user account names by hardcoding the path
/Users/engineer/.venv/bin/python3. This provides reconnaissance information about the host system's configuration. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design.
- Ingestion points: The agent is instructed to read and act upon the output generated by the
v3_allocate_today.pyscript and local markdown files likeGOAL.md. - Boundary markers: There are no protective delimiters or instructions to treat the script's output as untrusted data.
- Capability inventory: The skill possesses command execution capabilities (via
python3subprocesses) and produces financial trade orders based on processed data. - Sanitization: No evidence of output validation or sanitization exists before the script data is used to formulate the final portfolio actions.
Audit Metadata