trade-risk
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local Python execution via a shell interface to perform precise mathematical operations for position sizing (Kelly Criterion, fixed percentage) and Value at Risk (VaR) estimations. This execution is limited to internal calculation logic based on gathered data.
- [EXTERNAL_DOWNLOADS]: It triggers multiple web searches to retrieve public financial data including volatility, historical drawdowns, liquidity metrics, and event risks. All data sources are intended to be public financial information providers.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from web search results. Findings: 1. Ingestion points: Search results from steps 1 through 7 in SKILL.md. 2. Boundary markers: Absent; the agent is not explicitly instructed to ignore instructions within search results. 3. Capability inventory: Access to shell execution for Python calculations. 4. Sanitization: Absent; the instructions do not specify validation for data passed into calculation scripts.
Audit Metadata