tradememory
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'tradememory-protocol' package from PyPI and clones supplemental scripts from the vendor's official GitHub repository at github.com/mnemox-ai/tradememory-protocol.
- [COMMAND_EXECUTION]: Utilizes shell commands to install dependencies, initialize a local server for trade data management, and set up cron-based automated reporting for user reflections.
- [CREDENTIALS_UNSAFE]: Accesses a local .env file to store and retrieve MetaTrader 5 login credentials, which are required for the local synchronization script to interact with the MT5 terminal API.
- [PROMPT_INJECTION]: Processes market context and trade-specific reflections, which establishes a surface for indirect prompt injection should external data from a trading account include adversarial instructions.
Audit Metadata