aicoin-freqtrade

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded API credentials (accessKeyId and accessSecret) for the AiCoin service are present in lib/defaults.json and are used as fallbacks when no environment variables are provided.
  • [COMMAND_EXECUTION]: Multiple parameters in scripts/ft-deploy.mjs, including 'strategy', 'timerange', 'pairs', 'epochs', 'spaces', 'jobs', and 'loss', are interpolated directly into shell command strings without sanitization. This allows for arbitrary command injection via user-provided arguments to actions such as backtest, hyperopt, and download_data.
  • [EXTERNAL_DOWNLOADS]: Fetches the uv installer from astral.sh and clones the Freqtrade repository from GitHub during the deployment process.
  • [REMOTE_CODE_EXECUTION]: The skill executes the setup.sh script from the cloned Freqtrade repository. Additionally, it dynamically generates Python strategy files in the create_strategy action by interpolating unsanitized user-provided logic (entry_logic and exit_logic) directly into the file content, which is later executed by the bot.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the create_strategy interface.
      • Ingestion points: scripts/ft-deploy.mjs via the create_strategy action parameters.
      • Boundary markers: Absent.
      • Capability inventory: Shell execution (execSync), file writing (writeFileSync), and Python execution (Freqtrade).
      • Sanitization: Only the strategy name is sanitized; logic fields and other parameters are used as provided.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 11, 2026, 02:55 PM