paper-trading
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill's behavior matches its stated purpose of providing a local simulated trading ledger.
- [COMMAND_EXECUTION]: The skill executes its local entry script
run.pyusingpython3. This is the intended implementation for its trade simulation logic and is constrained to the skill's own package. - [DATA_EXPOSURE]: The skill reads and writes to a local JSON file to persist the paper-trading ledger. This is restricted to the local runtime area and does not involve sensitive system files or credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data through command-line arguments and market data files.
- Ingestion points: User-provided arguments (e.g.,
--note, symbol names) and external market data files (e.g.,--csv). - Boundary markers: None explicitly defined in the prompt instructions; reliance is placed on the underlying parser.
- Capability inventory: The skill uses the
Bashtool to run its local Python simulation script. - Sanitization: The skill utilizes a structured argument parser from its support library (
core.skill_support) which helps mitigate direct command injection via arguments.
Audit Metadata