alpaca
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill accesses a local
.envfile to retrieve API keys. This is documented as a standard and recommended practice for secret management within the execution environment. - Evidence: The
load_env()function inscripts/alpaca_cli.pytargetsPath(__file__).resolve().parents[3] / ".env". - [EXTERNAL_DOWNLOADS]: The skill requires the
alpaca-pylibrary, which is the official Python SDK for the well-known Alpaca brokerage service. - Evidence:
package: alpaca-pyis listed in theSKILL.mdmetadata and installation instructions. - [COMMAND_EXECUTION]: The skill facilitates trading and market data retrieval through a Python CLI script. All network communication is directed to well-known Alpaca API endpoints (
paper-api.alpaca.marketsandapi.alpaca.markets). - Evidence: The script implements commands like
place,cancel, andquote, and includes a mandatory--confirm-livesafety flag for any operations involving real currency.
Audit Metadata