jane-street-functional-trading
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Presence of hidden content via zero-width character obfuscation in the main header.
  - File: SKILL.md
  - Evidence: The header 'Jane Street Style Guide' is followed by a sequence of U+2060, U+200D, U+200B, and U+200C characters.
  - Analysis: The title contains a sequence of zero-width joiners (U+200D), zero-width spaces (U+200B), and zero-width non-joiners (U+200C). This technique is used to embed hidden messages or bypass text-based security filters.
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection via the processing of untrusted market data.
  - Ingestion points: SKILL.md (market_data and positions inputs in pricing functions).
  - Boundary markers: Absent. No instructions are provided to separate data from commands or ignore instructions within the data.
  - Capability inventory: SKILL.md (Pure functional OCaml logic for pricing and risk, but includes side-effect placeholders like Log and Risk_alerts).
  - Sanitization: Absent. The skill does not describe or implement validation for the structure or content of the external data.
Recommendations
- AI detected serious security threats