forex-edge
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requests sensitive MetaTrader 5 credentials including server name, login ID, and password from the user during the interactive setup process.
- [CREDENTIALS_UNSAFE]: The MT5 password is passed as a plaintext command-line argument to the mt5_connect.py script, exposing it to any process or user capable of viewing the system's process list.
- [EXTERNAL_DOWNLOADS]: The skill automatically clones a remote repository from GitHub (https://github.com/Hero988/Forex-Trading-Skill.git) into the local directory to provide its core scripts and functionality.
- [COMMAND_EXECUTION]: The skill executes multiple Python scripts and shell commands for connectivity tests, resource monitoring, and backtesting operations.
- [REMOTE_CODE_EXECUTION]: The skill runs an installation script (scripts/install_deps.py) downloaded from a remote source, which executes arbitrary code to manage dependencies.
Audit Metadata