vectorbt-expert
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates fetching financial market data from well-known and reputable sources, including Yahoo Finance (via yfinance), various cryptocurrency exchanges (via CCXT), and the vendor's proprietary OpenAlgo API. These network operations are strictly limited to historical data retrieval as part of the skill's core functionality.
- [DATA_EXPOSURE]: The skill emphasizes secure credential management by instructing users to load API keys from environment files via python-dotenv and find_dotenv(). This prevents the hardcoding of sensitive secrets in script files. It does not attempt to access unauthorized local sensitive paths.
- [INDIRECT_PROMPT_INJECTION]: The skill establishes an ingestion surface for external data via APIs and CSV files. However, the data is numerical OHLCV (Open, High, Low, Close, Volume) records used for mathematical calculations and chart generation. No evidence of the agent interpreting this data as natural language instructions was found.
- [COMMAND_EXECUTION]: The skill uses subprocess-like behavior via library calls to execute backtesting simulations and performance reporting (e.g., QuantStats). All commands are standard library operations within the context of quantitative finance and do not involve shell injection or privilege escalation.
Audit Metadata