longbridge-orders
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'longbridge' command-line utility with subcommands like 'order' and 'cash-flow' to retrieve account information. This behavior is consistent with the skill's stated purpose of providing account oversight.
- [DATA_EXPOSURE]: The skill accesses sensitive financial information, including order histories and dividend records. The instructions specify that this data is private and should only be returned in direct conversation. Access requires active authentication and specific OAuth scopes, which is a standard security practice for financial tools.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied natural language to infer time windows and stock symbols. While this is an ingestion point for untrusted data, the skill maps these inputs to specific command-line flags (e.g., --start, --end, --symbol), which mitigates the risk of command injection or agent subversion.
Audit Metadata