portfolio-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [Documentation Only] (SAFE): The file is a Markdown guide and contains no executable scripts or automated logic.
- [Credential Management] (SAFE): The guide provides instructions for users to configure API keys via environment variables and includes appropriate security warnings and 'chmod' hardening steps.
- [External Downloads] (LOW): The guide recommends installing 'alpaca-trade-api', which is a well-known and trusted library for the service.
- [Indirect Prompt Injection] (LOW): The integration described involves ingesting data from an external API. 1. Ingestion points: Account information, positions, and history fetched via Alpaca API. 2. Boundary markers: No explicit delimiters or boundary markers are defined in the setup instructions. 3. Capability inventory: The skill tools allow reading sensitive brokerage data and portfolio history. 4. Sanitization: Input validation and sanitization are not addressed in this documentation.
Audit Metadata