algo-expert
Fail
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The strategy templates for machine learning (found in ml_xgb/strategy.py and ml_logistic/strategy.py) utilize the pickle module to restore pre-trained models. This facilitates unsafe deserialization, which can be leveraged to execute arbitrary code if a malicious .pkl file is loaded into the strategy.
- [COMMAND_EXECUTION]: The core/portfolio_runner.py utility employs subprocess.Popen to launch child processes for various trading strategies. Since the paths to these scripts are derived from a YAML configuration file, an attacker who can modify the configuration could achieve arbitrary command execution within the environment.
Recommendations
- AI detected serious security threats
Audit Metadata