tiger

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a specialized CLI tool (tiger_cli.py) that allows the agent to interact with the Tiger Brokers API. It supports account management, market data retrieval, and order execution.
  • [DATA_EXFILTRATION]: The CLI script accesses the workspace .env file and the user's home directory to manage API credentials. It materializes the RSA private key to ~/.tiger_private_key.pem with restrictive 0600 permissions, which is required for the official tigeropen SDK to authenticate brokerage requests.
  • [PROMPT_INJECTION]: The skill ingests external data from the Tiger Brokers API, which is then provided to the agent as structured JSON. This constitutes an indirect prompt injection surface.
  • Ingestion points: Data is fetched from the Tiger Brokers API via get_assets, get_positions, and get_stock_briefs in scripts/tiger_cli.py.
  • Boundary markers: The script outputs structured JSON to provide clear boundaries for the agent.
  • Capability inventory: The script can perform active brokerage operations including place_order and cancel_order.
  • Sanitization: External data is serialized using json.dumps to ensure the agent receives it as a data object rather than executable instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 09:26 PM
Security Audit — agent-trust-hub — tiger