tradfi-portfolio-manager

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute local Python scripts (python3 backtests/v3_allocate_today.py) using a hardcoded virtual environment path. This pattern allows for the execution of arbitrary code present in the local repository's script files.
  • [DATA_EXFILTRATION]: The skill reveals sensitive local directory structures and user account names by hardcoding the path /Users/engineer/.venv/bin/python3. This provides reconnaissance information about the host system's configuration.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design.
  • Ingestion points: The agent is instructed to read and act upon the output generated by the v3_allocate_today.py script and local markdown files like GOAL.md.
  • Boundary markers: There are no protective delimiters or instructions to treat the script's output as untrusted data.
  • Capability inventory: The skill possesses command execution capabilities (via python3 subprocesses) and produces financial trade orders based on processed data.
  • Sanitization: No evidence of output validation or sanitization exists before the script data is used to formulate the final portfolio actions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — tradfi-portfolio-manager