algo-expert
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The rules/assets/core/portfolio_runner.py script uses subprocess.Popen to manage and execute child strategy processes. The specific scripts and their environment variables are determined by a YAML configuration file, which allows for the execution of arbitrary Python scripts within the environment.
- [REMOTE_CODE_EXECUTION]: The machine learning strategy templates (rules/assets/ml_logistic/strategy.py and rules/assets/ml_xgb/strategy.py) utilize the pickle module to load pre-trained model pipelines. Using pickle.load() on a file is a known security risk, as it can be used to execute arbitrary code if the pickle file is maliciously crafted.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface that could be used for indirect injection if market data sources are compromised.
  - Ingestion points: Market data is fetched via client.history() (OpenAlgo API) and through direct DuckDB file connections in rules/assets/core/data_router.py.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions for data streams were observed.
  - Capability inventory: The skill can execute child processes via subprocess.Popen in portfolio_runner.py, perform file writes for state management in state.py, and initiate network requests via the OpenAlgo SDK.
  - Sanitization: Market data and database records are processed as numerical and categorical data without explicit sanitization or validation of the content before it influences strategy execution logic.
Audit Metadata