trader-hand-skill
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE; PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and analyzes content from untrusted external sources like Reddit, Twitter, and news outlets (HAND.toml Phase 2 and 3). This data is used to calculate sentiment scores and influence trading decisions.
  - Ingestion points: Retrieves untrusted data via `web_search` and `web_fetch` for terms such as "[TICKER] reddit wallstreetbets".
  - Boundary markers: Lacks explicit instructions or delimiters to isolate untrusted web content from the agent's internal reasoning or to prevent interpretation of embedded instructions.
  - Capability inventory: The agent possesses the `shell_exec` capability (used for Alpaca API trades), `file_write` (to persist portfolio state), and `schedule_create` (to automate scanning).
  - Sanitization: No instructions are provided to sanitize or filter the fetched content before it is processed within the reasoning loop.
- [COMMAND_EXECUTION]: The skill utilizes the `shell_exec` tool to perform system platform detection and to run `curl` commands for interacting with the Alpaca Trading API. It also executes Python snippets (`python3 -c`) to parse JSON data and compute financial indicators.
- [EXTERNAL_DOWNLOADS]: The skill fetches financial market data and account information from the Alpaca API (alpaca.markets). These references are documented neutrally as part of the skill's primary functionality and originate from a well-known financial service.
Audit Metadata