ib-find-short-roll
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues or malicious patterns were identified. The skill's behavior is consistent with its stated purpose of financial analysis.
- [COMMAND_EXECUTION]: The skill executes a local script (scripts/roll.py) using 'uv run python' or 'python'. This script interfaces with the Interactive Brokers local API (ports 7496/7497) to retrieve real-time position and market data.
- [EXTERNAL_DOWNLOADS]: The skill depends on the 'trading-skills' library and utilizes standard Python packages including 'ib-async' and 'yfinance'.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external data from the Interactive Brokers API and includes it in markdown reports.
  - Ingestion points: Account, position, and market data retrieved from the IB API via scripts/roll.py.
  - Boundary markers: None explicitly defined in the markdown templates.
  - Capability inventory: File system write access to the sandbox directory for report storage.
  - Sanitization: The skill relies on structured data processing; no explicit sanitization is implemented in the provided template.
Audit Metadata