aicoin-freqtrade
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes several high-impact actions (e.g., force_enter, force_exit, delete_trade) that accept parameters such as trade IDs and currency pairs from the agent's context. This surface is susceptible to indirect prompt injection if the agent populates these fields based on untrusted or malicious external data.
- Ingestion points: Parameters for trading actions are ingested via CLI arguments in 'scripts/ft.mjs'.
- Boundary markers: The skill does not implement delimiters or 'ignore instructions' warnings to prevent the agent from being misled by data embedded within the parameters.
- Capability inventory: The skill is capable of executing financial transactions, cancelling orders, and modifying trade history through HTTP requests to the Freqtrade API.
- Sanitization: There is no evidence of parameter validation or sanitization in the wrapper script, leaving security enforcement to the unprovided internal library 'freqtrade-api.mjs'.
Audit Metadata