backtest
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute Python scripts that it generates at runtime. This is the intended functionality for performing the backtests and generating reports. - [PROMPT_INJECTION]: The skill processes the
symbolinput as a string, which is later interpolated into file paths and generated Python code. This represents a surface for indirect prompt injection or code injection if a user provides a malicious symbol string. However, other critical inputs likestrategyandintervalare strictly constrained by enums, and the overall risk is consistent with standard data analysis skills.
Audit Metadata