algo-host
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute shell commands such as 'rm strategies//state.db' to reset strategy state. The '' variable is taken from the user-provided '$0' argument. Without proper sanitization, this permits directory traversal or command injection if an attacker supplies a crafted string containing shell metacharacters or an absolute path.
- [PROMPT_INJECTION]: The skill reads external strategy files and a rules file to validate and potentially edit them, which introduces an indirect prompt injection surface (Category 8). Malicious instructions within these files could attempt to manipulate the agent's behavior.
  * Ingestion points: 'algo-expert/rules/self-hosted-strategies.md' and the strategy Python file provided by the user.
  * Boundary markers: No delimiters or instructions to ignore embedded commands are specified for ingested content.
  * Capability inventory: The skill allows access to the 'Read', 'Write', 'Edit', 'Bash', 'Glob', and 'Grep' tools.
  * Sanitization: No sanitization or validation of content from external files is performed.
Audit Metadata