indicator-expert
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill properly manages sensitive credentials by loading the OPENALGO_API_KEY from environment variables via python-dotenv, preventing hardcoded secrets in the code.
- [COMMAND_EXECUTION]: Documentation in rules/numba-optimization.md provides shell command examples for manually clearing Numba caches (e.g., find . -name "*.nbi" -delete). These are intended for user maintenance and are not executed by the skill scripts themselves.
- [INDIRECT_PROMPT_INJECTION]: The skill's ingestion points include market data from OpenAlgo and Yahoo Finance APIs. While it lacks explicit boundary markers to delimit this external data, it performs standard data normalization and provides no clear path for data-driven instruction override.
- [DYNAMIC_EXECUTION]: The skill utilizes Numba's Just-In-Time (JIT) compilation to provide high-performance technical indicators. This runtime compilation is documented, isolated to numerical functions, and is the core functionality of the expert system.
Audit Metadata