ib-create-consolidated-report
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The script reads local trade data and communicates with a local Interactive Brokers service via specified ports (7496/7497). No data is transmitted to external third-party servers or untrusted domains.
- [COMMAND_EXECUTION]: The skill uses
uv runto execute its consolidation script, which is a standard method for managing and running Python environments. - [EXTERNAL_DOWNLOADS]: The skill relies on the
trading-skillspackage, which appears to be a vendor-provided dependency required for the core logic of trade data processing and brokerage integration. - [PROMPT_INJECTION]: The skill processes untrusted data from local CSV files which constitutes an indirect injection surface.
- Ingestion points: Reads trade CSV files from a user-supplied local directory in
scripts/consolidate.py. - Boundary markers: The generated Markdown report uses standard tables without specific delimiters to separate processed data from instructions.
- Capability inventory: Performs local file system operations (read/write) and network communication with a local Interactive Brokers instance.
- Sanitization: Numerical data is aggregated and formatted; string fields from the CSV are displayed in the report without explicit sanitization for LLM instructions, representing a low-risk surface common in reporting tools.
Audit Metadata