tiger
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a specialized CLI tool (tiger_cli.py) that allows the agent to interact with the Tiger Brokers API. It supports account management, market data retrieval, and order execution.
- [DATA_EXFILTRATION]: The CLI script accesses the workspace .env file and the user's home directory to manage API credentials. It materializes the RSA private key to ~/.tiger_private_key.pem with restrictive 0600 permissions, which is required for the official tigeropen SDK to authenticate brokerage requests.
- [PROMPT_INJECTION]: The skill ingests external data from the Tiger Brokers API, which is then provided to the agent as structured JSON. This constitutes an indirect prompt injection surface.
  - Ingestion points: Data is fetched from the Tiger Brokers API via get_assets, get_positions, and get_stock_briefs in scripts/tiger_cli.py.
  - Boundary markers: The script outputs structured JSON to provide clear boundaries for the agent.
  - Capability inventory: The script can perform active brokerage operations including place_order and cancel_order.
  - Sanitization: External data is serialized using json.dumps to ensure the agent receives it as a data object rather than executable instructions.
Audit Metadata