options-payoff

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection to execute a python3 subprocess that fetches market data from Yahoo Finance via the yfinance library at skill load time.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from user-provided strategy descriptions and broker screenshots, creating an indirect prompt injection surface. (1) Ingestion points: User text and image uploads (SKILL.md). (2) Boundary markers: Absent. (3) Capability inventory: Uses visualize:show_widget to render interactive components. (4) Sanitization: Not explicitly present in the extracted logic.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic script generation by creating JavaScript code for interactive P&L charts based on user-supplied parameters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 04:34 PM