cn-futures-terminal
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill facilitates the local deployment of a trading terminal. It correctly manages sensitive trading credentials (TQ_USER, TQ_PASSWORD) via environment variables rather than hardcoding them, following secure development practices.
- [COMMAND_EXECUTION]: The skill uses shell scripts to automate deployment, process monitoring, and lifecycle management (scripts/bootstrap.sh, scripts/status.sh, etc.). These scripts utilize standard system tools such as rsync and lsof within a scoped local workspace.
- [PROMPT_INJECTION]: The skill processes external market data from the TqSdk API, presenting a theoretical indirect prompt injection surface if market data were to contain malicious instructions.
- Ingestion points: Market data and contract specifications fetched via TqApi in assets/tq_gateway/app.py.
- Boundary markers: None explicitly defined in the agent's instructions.
- Capability inventory: Execution of shell scripts for local service management and deployment.
- Sanitization: No explicit sanitization or validation of data from the external API before presentation to the agent's context.
Audit Metadata