fund-vehicles
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate financial calculations and comparisons as described in its documentation. The implementation in 'scripts/fund_vehicles.py' is focused on mathematical modeling and data analysis.
- [EXTERNAL_DOWNLOADS]: The script identifies a dependency on 'numpy', a standard and well-known numerical computing library. This is an expected and safe dependency for the described financial modeling tasks.
- [COMMAND_EXECUTION]: Although the skill specifies high-privilege 'allowed-tools' (Bash, Read, Write, Edit) in 'SKILL.md', the current implementation does not utilize these for any dangerous system operations or shell command execution.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection via the processing of financial data.
- Ingestion points: 'scripts/fund_vehicles.py' accepts return series (arrays) and portfolio holdings (dictionaries) via multiple analysis methods.
- Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are provided in the data processing functions.
- Capability inventory: The skill is permitted to use high-privilege tools including 'Bash', 'Read', 'Write', and 'Edit' in its metadata.
- Sanitization: Input data is effectively sanitized by conversion to numeric formats (numpy float64) or strict traversal of dictionary structures, preventing the interpretation of input strings as instructions within the logic.
Audit Metadata