alpaca-trading

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs a local bash script (scripts/alpaca.sh) to execute curl commands for interacting with Alpaca's REST API. This script is used for all trading operations, account management, and market data retrieval. It follows safe shell scripting practices, such as using set -euo pipefail and argument arrays.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by allowing the agent to ingest external, untrusted data.
      • Ingestion points: Market news and stock data are retrieved via the /v1beta1/news endpoint, as seen in SKILL.md and references/api.md.
      • Boundary markers: The instructions do not define clear boundaries or delimiters to help the agent distinguish between its system instructions and the content of news articles.
      • Capability inventory: The skill has significant capabilities, including placing market/limit orders (/v2/orders), exercising options, and closing positions (/v2/positions).
      • Sanitization: There is no evidence of sanitization or content filtering for the data retrieved from the external API before it is presented to the agent. While the skill includes safety instructions for the agent to seek user confirmation, the underlying vulnerability surface remains present.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 09:28 AM