finlab
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The automated scan detected a piped remote execution pattern: curl -LsSf https://astral.sh/uv/install.sh | sh. This executes a shell script directly from an untrusted remote source (astral.sh is not in the trusted source whitelist), providing a direct path for arbitrary code execution.
- CREDENTIALS_UNSAFE (HIGH): The documentation in trading-reference.md provides multiple examples of hardcoding sensitive credentials (API keys, passwords, certificate paths) directly into scripts using os.environ. This practice increases the risk of accidental exposure of financial secrets in source control or logs.
- COMMAND_EXECUTION (HIGH): The skill documentation suggests installing external packages via pip install esun-trade and pip install shioaji. While common, when combined with the untrusted RCE pattern, it indicates a high-risk environment for runtime command execution.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill demonstrates an injection surface where external data (backtest reports) is processed to determine financial holdings.
  - Ingestion points: Position.from_report(report, ...) in trading-reference.md.
  - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands within the report data.
  - Capability inventory: OrderExecutor.create_orders() allows for real-world financial order execution based on the ingested data.
  - Sanitization: Absent; there is no evidence of validation or filtering for the contents of the report object before it influences order creation.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata