trading-agents
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands during runtime to handle dependencies.
  - Evidence: In `scripts/stock_advisor.py`, the `_generate_pdf_with_fpdf2` method uses `subprocess.check_call` to run `pip install fpdf2`. Executing commands to modify the system environment during runtime is an unsafe practice for agent skills.
- [EXTERNAL_DOWNLOADS]: The system is designed to download third-party software at runtime.
  - Evidence: The skill automatically attempts to download and install the `fpdf2` library from PyPI if it is missing, which bypasses static dependency declarations and introduces risks from dynamic network activity.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via external financial data.
  - Ingestion points: The `NewsAnalystAgent` in `scripts/agents/analysts.py` processes raw news content fetched from `akshare`.
  - Boundary markers: System prompts do not use delimiters or isolation techniques to prevent external news content from being interpreted as instructions by the LLM.
  - Capability inventory: The agents have access to disk write operations (reports), network communication (DashScope and DingTalk), and subprocess execution (pip).
  - Sanitization: No sanitization or validation is performed on the news text before it is interpolated into the agent's context.
Audit Metadata