stock-trade-journal
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Path traversal vulnerability in `scripts/record_trade.py`. The script accepts a user-provided `--ts-code` argument and uses it to construct a filesystem path without validation or sanitization: `md_path = os.path.join(base, "records", f"{args.ts_code}.md")`. A malicious input (e.g., using directory traversal sequences) could allow the agent to write or append Markdown content to unauthorized locations on the host system.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests untrusted user data through fields such as 'reason' and 'note' and persists this data in Markdown files and a SQLite database. Because these logs are intended to be read back by the agent for trade review or statistics, malicious instructions embedded in the entries could influence future agent behavior.
  - Ingestion points: Data enters via the `--reason`, `--note`, and `--ts-code` parameters in `scripts/record_trade.py`.
  - Boundary markers: Absent; the data is appended directly to records without the use of delimiters or instructions to the agent to treat the content as data only.
  - Capability inventory: The skill has the capability to write and create files/directories via `scripts/record_trade.py` and query a database via `scripts/query_trades.py`.
  - Sanitization: Absent; the scripts do not perform any escaping, filtering, or validation of user-supplied strings before storage.
Audit Metadata