mql5-x-compile
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill uses the Bash tool to execute shell commands for environment setup (symlink creation with
ln -s) and to trigger the compilation process viawine64. These actions are restricted to the local filesystem and the standard application support path for MetaTrader 5. - [Indirect Prompt Injection] (LOW): 1. Ingestion points: The skill is designed to process .mq5 and .mqh source files provided or edited by the user. 2. Boundary markers: No specific delimiters or safety instructions are used when handling these files. 3. Capability inventory: Uses Bash to invoke the compiler and write binary (.ex5) and log (.log) files to disk. 4. Sanitization: No content sanitization is performed on the source code before compilation. This represents a standard ingestion surface for a build tool; the risk is low as the tool generates binary output for a specific trading platform rather than instructions for the agent's logic.
- [Dynamic Execution] (LOW): The skill performs runtime compilation of MQL5 source code into executable binaries. This is the primary function of the skill and is carried out using a trusted local compiler (MetaEditor64.exe).
Audit Metadata