trading-skills-navigator
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute a local Python script (`scripts/recommend.py`) to determine which trading workflow to recommend. This execution occurs via a bash shell command.
- [PROMPT_INJECTION]: The skill uses raw user input (the trading goal) as a command-line argument (`--query "<the user's goal, verbatim>"`). This creates an indirect prompt injection surface where a user could provide input containing shell metacharacters (e.g., semicolons, backticks, or pipes) to attempt command injection on the host system.
  - Ingestion points: User's natural language goal provided in the initial interaction (SKILL.md, Step 2).
  - Boundary markers: The command template uses double quotes around the query placeholder, which provides limited protection against shell escaping depending on the agent's execution environment.
  - Capability inventory: The skill has the ability to execute local Python scripts and read repository metadata (SKILL.md, scripts/recommend.py).
  - Sanitization: The Python script normalizes whitespace and case but does not sanitize the input for shell-specific special characters before the command is invoked.
Audit Metadata