trading-alert-scheduler
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted market data from external web sources which could contain adversarial instructions targeting the agent logic (Indirect Prompt Injection).
- Ingestion points: Web search results for ticker news, price action summaries, and market internals (SKILL.md, Stage 1a & 1c).
- Boundary markers: Absent; there are no specified delimiters or instructions to ignore embedded commands in the ingested data.
- Capability inventory: The skill utilizes IBKR MCP tools to access portfolio positions, P&L, account summaries, and margin requirements (SKILL.md, Stage 1b).
- Sanitization: No sanitization or validation protocols are described for the external content before it is processed for analysis.
- [EXTERNAL_DOWNLOADS]: The skill requires a third-party tool for its core functionality (ArjunDivecha/ibkr-mcp-server), which originates from a non-trusted repository.
- Evidence: Reference to the external tool located at ~/Desktop/tk_projects/ibkr-mcp-server/ and its various functions for IBKR data access (SKILL.md).
Audit Metadata