trading-agents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): Multiple analyst sub-skills (
fundamentals-analyst.md,market-analyst.md,news-analyst.md,social-analyst.md) usecurlto interact with the Alpha Vantage API. While the use case is legitimate, the direct execution of network commands with variable-injected parameters creates a minor attack surface if input ticker symbols are not properly validated by the calling agent. - [EXTERNAL_DOWNLOADS] (SAFE): The skill downloads financial data from Alpha Vantage. This is a well-known, trusted source for financial market data, and the data is restricted to CSV/JSON formats for analysis rather than executable code.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted data from the open web.
- Ingestion points: External news articles and social media sentiment are ingested via the
NEWS_SENTIMENTfunction innews-analyst.mdandsocial-analyst.md. - Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between its own logic and instructions that might be embedded within the news text.
- Capability inventory: The skill possesses the ability to perform filesystem writes (creating reports) and execute network requests via
curl. - Sanitization: Absent. There is no evidence of filtering or escaping logic to prevent malicious payloads in news headlines from influencing the 'Risk Manager' or 'Trader' agents later in the pipeline.
Audit Metadata