@5326/fvg-delta-forex-engine
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious obfuscation, persistence mechanisms, or privilege escalation patterns were identified in the skill instructions. The use of environment variables for secrets management is a standard security practice.
- [EXTERNAL_DOWNLOADS]: The engine connects to Yahoo Finance (via the yfinance library) and ForexFactory to retrieve market data and news. These are well-known services expected for a financial trading application and do not represent a malicious external download.
- [PROMPT_INJECTION]: The skill processes external data from financial feeds and news sources, creating a surface for indirect prompt injection.
- Ingestion points: External data enters the context from the Yahoo Finance API and the ForexFactory news feed.
- Boundary markers: The instructions do not specify the use of explicit delimiters or instructions to ignore embedded commands within the ingested data.
- Capability inventory: The skill provides functionality to execute local shell scripts (
assets/run_one_shot.sh) and perform network operations. - Sanitization: There is no mention of sanitization or validation for the content retrieved from external news feeds before processing.
Audit Metadata