trading-research
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill implements a workflow where strategy logic is fetched from the internet via `web_fetch` and converted into Python scripts that are subsequently executed during backtesting. This creates a path for untrusted remote content to execute code on the local system.
- [COMMAND_EXECUTION]: The `/research backtest` functionality involves the execution of dynamically generated Python code. This provides a vector for performing unauthorized system operations if the code generation process is manipulated by malicious input from web sources.
- [EXTERNAL_DOWNLOADS]: The skill's primary logic is derived from content downloaded from arbitrary external websites, introducing a supply chain risk where executable code is based on unverified third-party information.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from processed web content.
  - Ingestion points: Untrusted data enters via `web_search` and `web_fetch` (SKILL.md).
  - Boundary markers: No delimiters or safety instructions are present to prevent the agent from following instructions embedded in the fetched trading strategies.
  - Capability inventory: Includes Python code execution, file system writes to the `strategies/` directory, and interaction with MetaTrader 5 terminals.
  - Sanitization: No sanitization or validation of the fetched logic is performed before it is used for code generation.
- [DATA_EXFILTRATION]: By combining the ability to execute code generated from the web with access to financial trading platforms (MT5), the skill creates a high-risk surface for the exfiltration of trading credentials or financial account data.
Audit Metadata