backtest
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes uvx to fetch and execute the tiportfolio package from a public registry at runtime. This is a standard operational pattern for the utility and the package appears to be a legitimate vendor resource.
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands through the Bash tool to perform simulations. Although the agent is instructed to map user parameters to specific CLI flags, this pattern creates a risk of command injection if the agent fails to sanitize user-provided strings like ticker symbols or rebalancing ratios.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where untrusted user input is ingested and used to build executable commands.
  - Ingestion points: Natural language user requests containing tickers, dates, and allocation ratios in SKILL.md.
  - Boundary markers: The instructions lack explicit delimiters or escape sequences to isolate user-provided data from the command template.
  - Capability inventory: The skill has access to the Bash tool for shell command execution.
  - Sanitization: The instruction relies on the agent's extraction logic to identify parameters but does not provide specific rules for escaping shell metacharacters or validating input strings.
Audit Metadata