order-placement-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection by directing the agent to ingest and analyze untrusted data.
- Ingestion points: Strategy logs (e.g.,
SIGNAL:,[ENTRY]), HTTP response content (response.text), and the.cursor/debug.logfile are analyzed to formulate fixes. - Boundary markers: The instructions do not specify any delimiters or safety warnings to ignore instructions that might be embedded within logs or API error messages.
- Capability inventory: The agent is encouraged to modify strategy files (e.g.,
openalgo/strategies/scripts/*.py) and the core client (trading_utils.py), and to execute verification scripts. - Sanitization: No sanitization or validation of the ingested log content is mentioned before it is used to influence code modification or execution.
- [COMMAND_EXECUTION]: The skill guidelines instruct the agent to generate and execute local scripts for verification.
- Evidence: Under the 'Verification' section, the agent is told to 'Create a script that instantiates APIClient... and calls placesmartorder... Run it and check log'. This involves dynamic code generation and execution based on the agent's interpretation of the debugging context.
Audit Metadata