copy-trading
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- Remote Code Execution (MEDIUM): The skill performs dynamic imports of local modules (e.g., '../../../trading/copy-trading'). While these are relative paths, dynamic loading of executable logic at runtime is a vector for code execution if the filesystem is compromised.
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection.
  1. Ingestion points: Wallet addresses and trade metadata from Polymarket and blockchains.
  2. Boundary markers: None present to isolate external data from instructions.
  3. Capability inventory: Significant financial capabilities (trade execution) using provided private keys.
  4. Sanitization: No evidence of sanitization for external strings retrieved from markets or trader profiles.
- Credentials Unsafe (LOW): The skill requires environment variables for private keys (SOLANA_PRIVATE_KEY, EVM_PRIVATE_KEY). Although essential for the primary purpose of trading, handling full-authority credentials increases the risk of exfiltration.