ib-option-chain
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's instructions require the agent to execute a Python script using
uv runwhile interpolating user-provided symbols and dates. This pattern creates a potential for command injection if the agent does not sanitize these inputs before shell execution. - [INDIRECT_PROMPT_INJECTION]: The skill ingests external financial data from Interactive Brokers API which is then presented to the agent.
- Ingestion points: Market data is fetched via the
scripts/options.pyscript. - Boundary markers: The skill instructions lack explicit delimiters or warnings to ignore instructions that might be embedded in the retrieved market data.
- Capability inventory: The agent is granted the ability to execute local scripts and subprocesses via the shell.
- Sanitization: The Python script uses
argparsefor internal argument parsing but does not provide a mechanism to sanitize the parameters before they reach the shell execution layer.
Audit Metadata