skills/nvidia/skills/cufolio/Gen Agent Trust Hub

cufolio

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads public market data (S&P 500 prices) via the cufolio.utils.download_data helper. This process is documented as requiring explicit user confirmation before execution, which is a standard safety practice for skills requiring network access.- [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from user-supplied CSV files for portfolio analysis. It implements validation rules (Rule 2 in SKILL.md) that require a date-indexed schema and numeric columns, which serves as a safeguard against processing malformed or malicious file content.- [COMMAND_EXECUTION]: The skill generates and executes Python code to perform financial optimizations using cvxpy and cufolio. All commands are restricted to the primary functional scope of portfolio math and data processing, with explicit checks for the presence of the required cuOpt GPU solver.- [DATA_EXPOSURE]: The skill reads price data from local CSV files within the workspace. No attempts to access sensitive system files (e.g., credentials, SSH keys) or exfiltrate private data were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:42 PM
Security Audit — agent-trust-hub — cufolio