optimize
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
WriteandBashtools to create and execute Python scripts for backtesting. This behavior is consistent with the skill's primary purpose of automating strategy optimization. - [EXTERNAL_DOWNLOADS]: The generated scripts download historical market data from the OpenAlgo API, which is a legitimate and expected network operation for financial analysis tools.
- [PROMPT_INJECTION]: This finding analyzes the attack surface for Indirect Prompt Injection. Ingestion points: The skill ingests user-provided arguments (strategy, symbol) and external data from the OpenAlgo API. Boundary markers: No explicit delimiters are used to wrap external data, though the data is primarily processed as numerical arrays. Capability inventory: The agent possesses
Read,Write, andBashcapabilities, which are used to generate and save local reports. Sanitization: Input parameters are used to define file names and strategy types without explicit validation, though they are processed in a structured script environment.
Audit Metadata