finhay-trading
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONNO_CODEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on local shell scripts (
infer-sub-account.shandrequest.sh) to resolve account details and execute signed API requests. These scripts are located in a shared directory (./_shared/scripts/). - [CREDENTIALS_UNSAFE]: The skill manages sensitive API credentials, specifically
FINHAY_API_KEYandFINHAY_API_SECRET, which it sources from a local environment file at~/.finhay/credentials/.env. - [DATA_EXFILTRATION]: The skill performs network operations to Finhay Securities API endpoints (e.g.,
fhsc.com.vn) to retrieve financial data. This behavior is consistent with the skill's primary purpose of providing trading data. - [NO_CODE]: The logic for authentication and API communication is contained in external shell scripts that were not provided in the analyzed package. The provided files consist entirely of documentation and endpoint definitions.
- [PROMPT_INJECTION]: The skill processes data from external API responses, which constitutes an indirect prompt injection surface.
- Ingestion points: Data enters the context via the
resultordatakeys of Finhay Securities API responses (e.g., portfolio holdings, order statuses). - Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are defined in the endpoint documentation.
- Capability inventory: The skill has the capability to execute shell commands via the
request.shscript and read/write to the local.envfile. - Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata