execution
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill correctly references environment variables for sensitive credentials (API keys and private keys). No hardcoded secrets or unauthorized data transmission patterns were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The documentation mentions an external package 'clodds', but no commands to install or execute untrusted remote code are present.
- [Indirect Prompt Injection] (LOW): The skill provides the ability to execute financial trades. While no malicious behavior is present, this capability represents an attack surface if the agent processes untrusted data. Mandatory Evidence Chain:
  1. Ingestion points: Chat commands for order placement.
  2. Boundary markers: None.
  3. Capability inventory: Order placement and cancellation on financial platforms.
  4. Sanitization: Relies on external library 'clodds'.
- [Obfuscation] (SAFE): No encoded strings, hidden characters, or homoglyphs were identified in the documentation.
Audit Metadata