unum-strat
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected. The skill's primary function is providing structured guidance and templates for financial strategy development.
- [NO_CODE]: The skill package is composed entirely of markdown documentation, YAML/JSON configuration files, and pseudocode templates. It does not include any executable scripts, binaries, or automated installation hooks that could execute code.
- [PROMPT_INJECTION]: The instructions establish clear operational boundaries and a 'skeptical' posture. It includes a surface for indirect prompt injection (Category 8) due to its news-gathering functions:
  - Ingestion points: External market data and news are retrieved via web_search, web_fetch, and browser tools as outlined in references/news-intelligence-policy.md.
  - Boundary markers: While explicit delimiters for external content are not provided, the instructions mandate that news be treated as a 'filter' or 'veto' rather than a direct decision trigger.
  - Capability inventory: The skill's capabilities are restricted to text-based synthesis, strategy design, and policy recommendation; it lacks file-writing, shell execution, or privilege escalation capabilities.
  - Sanitization: The policy requires verification of high-impact events against primary sources (references/news-intelligence-policy.md) before any tactical application.
- [DATA_EXFILTRATION]: No patterns for exfiltrating sensitive data or secrets were found. The skill collects general trading parameters necessary for its modeling purpose, with no hardcoded credentials or sensitive path access.
Audit Metadata