trading-coach
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The SKILL.md file instructs users to clone a repository from 'https://github.com/BENZEMA216/tradingcoach.git'. This source is not on the trusted organizations list, and its contents are not part of the provided skill files.
- [REMOTE_CODE_EXECUTION] (HIGH): The Quick Start guide prompts the execution of multiple Python scripts ('import_trades.py', 'run_matching.py', etc.) and the installation of unverified dependencies from the external repository, enabling arbitrary code execution on the user's system.
- [COMMAND_EXECUTION] (MEDIUM): The skill rely on several terminal commands for environment setup and operation, which could be malicious if the external repository is compromised.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted financial data from CSV files. Ingestion point: 'scripts/import_trades.py'. Boundary markers: Absent. Capability inventory: 'scripts/analyze_scores.py' uses AI to generate insights. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata