longbridge
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_SAFE]: The skill manages sensitive authentication data (App Key, Secret, and Access Token) using environment variables. It includes a helper function to load these from a local
.envfile, which is a standard practice for secure local configuration. No hardcoded secrets were detected. - [DYNAMIC_EXECUTION]: The skill uses dynamic module loading (
__import__) to resolve the official SDK, which recently rebranded fromlongbridgetolongport. This loading is restricted to a hardcoded list of package names and does not process untrusted strings, making it a safe use of dynamic imports for compatibility. - [EXTERNAL_DOWNLOADS]: The skill specifies a dependency on the
longportpackage via standard package managers. This is the official library for the service and is used as intended for the skill's primary purpose. - [COMMAND_EXECUTION]: All user-provided arguments (symbols, quantities, prices) are validated and converted to strict types like
float,int, orDecimalbefore being passed to the SDK. Market sides and order types are mapped through hardcoded dictionaries, preventing any form of command or argument injection.
Audit Metadata