finhay-portfolio
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive financial data including account balances, stock holdings, and profit/loss statements. It reads user credentials from ~/.finhay/credentials/.env to authenticate requests to the vendor's API.
- [COMMAND_EXECUTION]: Executes shell scripts ./_shared/scripts/infer-sub-account.sh and ./_shared/scripts/request.sh for configuration management and API request signing. These scripts are referenced in the instructions but the source code was not included in the skill package, preventing verification of their security.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the Finhay API (such as stock symbols, order history, and market news) which is then rendered in the agent's context.
  - Ingestion points: API endpoints defined in references/endpoints/portfolio.md and references/endpoints/orders.md.
  - Boundary markers: Absent; no delimiters or instructions are used to distinguish API data from agent instructions.
  - Capability inventory: Capability to execute shell scripts and read local files.
  - Sanitization: No input validation or sanitization of data retrieved from the trading endpoints is specified in the documentation.
Audit Metadata