alphaear-signal-tracker

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The script scripts/utils/predictor/evaluation.py uses torch.load() to load model weights.
      • Evidence: Line 37: checkpoint = torch.load(path, map_location=self.device).
      • Risk: By default, torch.load uses the pickle module, which is unsafe against erroneous or maliciously constructed data. If an attacker can place a malicious .pt file in the exports/models/ directory, they can achieve arbitrary code execution on the host system.
  • COMMAND_EXECUTION (MEDIUM): The script scripts/utils/md_to_html.py uses os.popen to execute a shell command.
      • Evidence: Line 173: Generated by AlphaEar @ {os.popen('date').read().strip()}.
      • Risk: While the command date is benign, using os.popen to execute shell commands is a poor security practice and can be exploited if any part of the command string becomes user-controllable in future iterations.
  • INDIRECT_PROMPT_INJECTION (HIGH): The skill ingests untrusted data from external URLs and processes it through LLM agents.
      • Ingestion points: scripts/utils/content_extractor.py uses the Jina Reader API to fetch content from arbitrary URLs provided in the signal tracking workflow.
      • Boundary markers: Prompt templates in scripts/prompts/fin_agent.py and references/PROMPTS.md use basic headers (e.g., === Latest Tracking ===) but lack robust delimiters or instructions to ignore embedded commands within the fetched content.
      • Capability inventory: The skill has capabilities to write files (HTML reports, Draw.io XML), execute shell commands (os.popen), and query local databases.
      • Sanitization: scripts/fin_agent.py performs basic ticker validation against a database, but there is no sanitization of the natural language content (summary, reasoning) generated from the external web data.
  • DATA_EXPOSURE (LOW): The skill manages multiple sensitive API keys via environment variables (e.g., JINA_API_KEY, DEEPSEEK_API_KEY, OPENROUTER_API_KEY). While expected for functionality, the storage and retrieval logic in scripts/utils/llm/factory.py should be monitored to ensure keys are not logged or exposed in error messages.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:34 AM