stock-trade-journal
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is vulnerable to path traversal in
scripts/record_trade.py. The--ts-codeparameter is used to build the Markdown file path usingos.path.join(base, "records", f"{args.ts_code}.md"). Without validation, this allows writing files to arbitrary locations by providing absolute paths or using directory traversal sequences.\n- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).\n - Ingestion points: Untrusted data enters the agent context through command-line arguments in
scripts/record_trade.py(specifically the--reason,--note, and--take-profitflags) andscripts/query_trades.py(via the--ts-codeflag).\n - Boundary markers: The skill does not implement delimiters or warnings to ignore embedded instructions within the processed data fields.\n
- Capability inventory: The skill has the capability to write to Markdown files and perform SQLite database operations.\n
- Sanitization: While the skill correctly uses parameterized queries for SQLite database operations, it lacks sanitization or escaping for user-provided strings before they are appended to Markdown files in
scripts/record_trade.py.
Audit Metadata