cufolio
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads public market data (S&P 500 prices) via the
cufolio.utils.download_datahelper. This process is documented as requiring explicit user confirmation before execution, which is a standard safety practice for skills requiring network access.- [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from user-supplied CSV files for portfolio analysis. It implements validation rules (Rule 2 in SKILL.md) that require a date-indexed schema and numeric columns, which serves as a safeguard against processing malformed or malicious file content.- [COMMAND_EXECUTION]: The skill generates and executes Python code to perform financial optimizations usingcvxpyandcufolio. All commands are restricted to the primary functional scope of portfolio math and data processing, with explicit checks for the presence of the requiredcuOptGPU solver.- [DATA_EXPOSURE]: The skill reads price data from local CSV files within the workspace. No attempts to access sensitive system files (e.g., credentials, SSH keys) or exfiltrate private data were detected.
Audit Metadata