autonomous-trading
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on
cronto orchestrate its autonomous trading loop and invokes local Python scripts, such as/data/workspace/scripts/dsl-v4.py, for trade monitoring and profit protection. - [DATA_EXFILTRATION]: The skill documentation describes sending status updates via Telegram, which constitutes an outbound network operation to an external service provider.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests market scanner results and smart money signals that could be manipulated by external actors to influence the agent's trading logic.
- Ingestion points: Market data is retrieved via external platform tools including
opportunity-scannerandleaderboard_get_markets. - Boundary markers: The logic lacks explicit delimiters or instructions to the agent to ignore or isolate instructions potentially embedded within the ingested market data.
- Capability inventory: The skill can execute significant financial actions, including opening (
create_position) and closing positions, and writing to local state files (auto-strategy.json). - Sanitization: No sanitization or validation of the market data content is mentioned before it is processed for trade evaluation.
Audit Metadata