longbridge-risk-return
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by 'longbridge' and exclusively uses the 'longbridge' CLI tool and associated MCP servers, which are official vendor resources. This is consistent with the skill's stated purpose of portfolio optimization.
- [COMMAND_EXECUTION]: The skill executes standard CLI commands (e.g., longbridge portfolio, longbridge positions, longbridge kline) to fetch financial data. These operations are within the expected scope of a financial analysis tool and are restricted to 'read' access as indicated in the metadata (tier: read).
- [DATA_EXPOSURE]: While the skill accesses sensitive portfolio and position information, this data is used locally by the agent to calculate efficiency scores and target allocations. No unauthorized external data exfiltration was detected.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (financial symbol history and user inputs), representing a potential ingestion surface. However, the operations are limited to data analysis and reporting without risky sinks like arbitrary shell execution or unsafe deserialization. Following standard procedure for this category, the risk is assessed as safe/minimal.
Audit Metadata