futu

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the official futu-api Python package, which is the legitimate SDK provided by Futu for interacting with their OpenAPI gateway.
  • [COMMAND_EXECUTION]: The script executes stock trading commands (place and cancel orders) via the Futu API. These are intended behaviors for a trading skill and include a --confirm-live safety flag to prevent accidental execution on real accounts.
  • [PROMPT_INJECTION]: The skill ingests market data and account information from the Futu broker, creating an indirect prompt injection surface where the agent processes external data before taking action.
  • Ingestion points: Account information, position lists, and market snapshots retrieved in scripts/futu_cli.py.
  • Boundary markers: Not present; the tool returns raw JSON data from the broker to the agent.
  • Capability inventory: The skill has the ability to place and cancel trades as defined in scripts/futu_cli.py.
  • Sanitization: Not present; the data is passed directly from the broker's API into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 09:26 PM
Security Audit — agent-trust-hub — futu