alpaca-trading
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the installation of the Rust toolchain from 'sh.rustup.rs' and the 'apcacli' tool via 'cargo'. These are well-known and official sources for the required development environment and trading utility.
- [CREDENTIALS_UNSAFE]: The README and SKILL files recommend persisting sensitive Alpaca API credentials by appending them to the user's shell profile (e.g., '~/.zshrc'). This practice exposes secret keys in plain text within a commonly accessible system file.
- [COMMAND_EXECUTION]: The skill operates by executing shell commands via the 'apcacli' binary. It provides the agent with the ability to perform high-impact financial actions, such as submitting market orders, cancelling all active orders, and closing entire portfolio positions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external data. \n
- Ingestion points: Market data, asset descriptions, and search results are retrieved from the Alpaca API (SKILL.md). \n
- Boundary markers: None; the skill does not use delimiters or instructions to ignore embedded commands in the data retrieved from the API. \n
- Capability inventory: The skill can execute various financial commands and monitor account events through 'apcacli' (SKILL.md). \n
- Sanitization: There is no evidence of sanitization or validation of strings returned from the Alpaca API before they are processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://sh.rustup.rs - DO NOT USE without thorough review
Audit Metadata