trading-alert-scheduler

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates external data from web searches into its analysis workflow.
      • Ingestion points: The agent fetches pre-market news, market internals, and options flow data via web search (Stage 1a, 1c, 2c).
      • Boundary markers: The instructions lack delimiters or specific directives to ignore potentially malicious instructions embedded in the search results.
      • Capability inventory: The agent has access to sensitive financial tools via the ibkr-mcp-server, including the ability to view portfolio balances, account summaries, and switch between multiple brokerage accounts.
      • Sanitization: There is no evidence of validation or filtering for the external web content before it is processed by the internal analysis models.
  • [COMMAND_EXECUTION]: The skill utilizes a local installation of the ArjunDivecha/ibkr-mcp-server located at ~/Desktop/tk_projects/ibkr-mcp-server/ to interact with financial data. While this is the intended functionality, it relies on the integrity of third-party tools installed in the user's environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 03:18 AM