edge-hint-extractor

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/build_hints.py uses subprocess.run to execute an external command provided through the --llm-ideas-cmd command-line argument. While shlex.split is employed to parse the command string, the execution of arbitrary user-provided commands is a sensitive operation that could be exploited if the argument is influenced by an attacker.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from external files and passing it to an external process. Findings include:
    • Ingestion points: Data is read from market_summary.json, anomalies.json, and news_reactions.csv (or .json) via the read_market_summary, read_anomalies, and read_news_reactions functions in scripts/build_hints.py.
    • Boundary markers: There are no boundary markers or instructions to the downstream tool to ignore embedded instructions within the processed data.
    • Capability inventory: The script executes subprocesses via subprocess.run in the generate_llm_hints function.
    • Sanitization: There is no evidence of sanitization or filtering of the textual content before it is passed to the external command.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 2, 2026, 01:33 AM