@5326/fvg-delta-forex-engine

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious obfuscation, persistence mechanisms, or privilege escalation patterns were identified in the skill instructions. The use of environment variables for secrets management is a standard security practice.
  • [EXTERNAL_DOWNLOADS]: The engine connects to Yahoo Finance (via the yfinance library) and ForexFactory to retrieve market data and news. These are well-known services expected for a financial trading application and do not represent a malicious external download.
  • [PROMPT_INJECTION]: The skill processes external data from financial feeds and news sources, creating a surface for indirect prompt injection.
  • Ingestion points: External data enters the context from the Yahoo Finance API and the ForexFactory news feed.
  • Boundary markers: The instructions do not specify the use of explicit delimiters or instructions to ignore embedded commands within the ingested data.
  • Capability inventory: The skill provides functionality to execute local shell scripts (assets/run_one_shot.sh) and perform network operations.
  • Sanitization: There is no mention of sanitization or validation for the content retrieved from external news feeds before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 10:35 PM
Security Audit — agent-trust-hub — @5326/fvg-delta-forex-engine