skills/koreal6803/finlab-ai/finlab/Gen Agent Trust Hub

finlab

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Instructions in SKILL.md guide users to execute shell commands for installing the uv package manager and the finlab library, as well as sourcing local environment scripts for path configuration.
  • [EXTERNAL_DOWNLOADS]: The skill documentation includes steps to download the uv binary from its official domain and install various Python packages such as finlab, shioaji, and esun-trade from standard package registries.
  • [DATA_EXFILTRATION]: The backtesting function sim() described in backtesting-reference.md defaults to upload=True, which automatically transmits strategy reports and trade performance data to remote FinLab servers for sharing and evaluation.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists where the agent processes external market data retrieved via data.get() and data.search().
      - Ingestion points: Market data and metadata enter the agent context through the data.get() and data.search() methods in dataframe-reference.md and factor-examples.md.
      - Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded content in financial data.
      - Capability inventory: The skill allows for strategy report uploading via sim() and live trade execution via OrderExecutor across multiple brokers.
      - Sanitization: No explicit sanitization or validation routines for the ingested financial data are documented.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 04:07 PM