I Built a Robinhood Trading Agent With Prompts, Policies, and a Human Approval Loop

Written By David Skelton

Quick note: This is a case study about building safer AI workflows. It is not financial advice, investment advice, or a recommendation to trade any security.

I built a Robinhood trading agent, and the most important thing it does is refuse to trade.

That sounds backwards until you understand what I was actually building.

I did not want an AI bot that wakes up, reads a headline, and starts throwing money around. That is not an agent. That is a liability with a chat interface.

What I wanted was a disciplined market radar for a small fractional account. Something that could look at my Robinhood context, compare it against a watchlist, read a policy file, check whether the data was fresh, and tell me what deserves attention.

The agent can classify a ticker as HOLD, WATCH, THESIS_REVIEW, BUY_SMALL, TRIM, IGNORE, or NO_TRADE. But it cannot place an order. It cannot move cash. It cannot bypass me.

That design choice is the whole lesson.

The real opportunity with AI agents is not replacing judgment. It is building systems that make judgment easier, faster, and less reactive.

Why I Built It

Small trading accounts are easy to mismanage.

Because the trades are fractional, everything feels harmless. A few dollars here. A tiny add there. A quick reaction to a green chart. The risk is not one giant mistake. The risk is death by tiny, poorly documented decisions.

So I built the agent around one question:

What would make a small trade deliberate enough to deserve consideration?

That question changed the system.

Instead of asking the AI, "What should I buy today?", I gave it a job:

Build a daily fractional-trade radar that combines portfolio context, market signals, filings, news, macro conditions, and broker readiness into a conservative action view. Default to NO_TRADE unless the evidence clears the policy gates.

That prompt matters because it defines the agent as a reviewer, not a gambler. Its default posture is restraint.

The Agent Architecture

The setup is intentionally simple.

The agent runs locally inside my DavidOS workspace. It reads a watchlist, a position snapshot, a policy file, optional quote data, and an optional broker snapshot from Robinhood. It then writes a daily markdown report into my local reports folder.

The core pieces are:

  • watchlist.txt for the approved universe
  • policy.toml for risk rules and decision gates
  • positions.csv for portfolio context
  • quotes.csv or broker quotes for freshness
  • broker-snapshot.json for account readiness
  • a Python runner that turns the inputs into a structured report
  • an action queue that captures any trade candidate for human review

The important part is not the code. The important part is the operating model.

The agent has clear decision rights:

  • It can read market and account context.
  • It can score evidence.
  • It can identify risks and missing data.
  • It can recommend review.
  • It can write a report.
  • It cannot execute a trade.

That last line is what makes the system useful.

The Prompt That Shaped the Agent

The prompt is not just a paragraph of instructions. It is the agent's operating manual.

Here is the simplified version of the structure I used:

Priority:
Optimize for disciplined visibility, not daily action.

The world-class version is not the one that trades most often.
It is the one that refuses low-quality action, preserves capital,
learns from misses, and only escalates when the evidence clears
the policy gates.

Inputs:
1. Watchlist
2. Positions
3. Policy file
4. Broker snapshot
5. Latest report
6. Recent user notes about trading intent or risk tolerance

Signal model:
- Portfolio fit
- Momentum
- Catalyst
- Macro fit
- Risk penalty

Policy gates:
Block trade candidates when broker data is stale, quote data is stale,
buying power is unclear, the account is inside an observation window,
the ticker is outside the approved universe, or the action would violate
concentration, cash floor, or banned-action rules.

Output:
Write a daily report with account posture, watchlist table, opportunities,
risks, trade candidates requiring confirmation, and data gaps.

Never place a trade.

That prompt does a few jobs at once.

First, it defines success. Success is not "find a trade." Success is "create disciplined visibility."

Second, it separates evidence from execution. The agent can notice a large move in a stock or ETF, but it cannot treat movement alone as permission to act.

Third, it makes missing context visible. If the broker snapshot is stale, the agent says so. If macro data is missing, it says so. If news is not configured, it does not pretend.

That is where a lot of agents fail. They try to be impressive. Useful agents are often boringly honest.

The Policy File Is the Secret

The prompt tells the agent how to think. The policy file tells it what it is allowed to do.

My policy includes rules like:

  • automatic trading is disabled
  • human approval is required
  • options, margin, shorts, crypto, and cash transfers are banned
  • trade candidates require fresh quote data
  • trade candidates require a fresh broker snapshot
  • trades must respect a cash floor
  • single-name concentration has a cap
  • new tickers require approval
  • the account can be placed inside an observation window where all trade actions are blocked

This is the difference between a chatbot and an agent.

A chatbot answers the question in front of it. An agent runs inside a system of rules, state, memory, and consequences.

If you are building agents for your business, this is the pattern to steal. Do not bury important rules in a long conversation. Put them in a structured file the agent reads every time.

For a trading agent, that file is a risk policy.

For a sales agent, it might be qualification rules.

For a marketing agent, it might be brand voice, claims language, and approval gates.

For an operations agent, it might be escalation rules, owner assignments, and service-level expectations.

The domain changes. The pattern stays the same.

What Happened on the First Real Run

The first Robinhood-backed readiness check did exactly what I hoped it would do.

It scanned the account's watchlist: broad-market exposure, semiconductor exposure, mega-cap tech, nuclear energy, energy infrastructure, and a few active ideas. It checked broker data and quotes. It saw that the data was fresh.

Then it blocked action.

Why?

Because the account was inside an observation window, buying power was at the cash floor, and several large moves required thesis review instead of chasing.

That is the moment I knew the agent was working.

A weaker system would have tried to sound clever. It would have picked a favorite ticker and written a confident little paragraph about momentum.

This system said, in effect:

There are things worth reviewing, but there is no trade candidate. Do the thinking first.

That is what good automation feels like. It does not flatter your impulse. It slows down the expensive part of your brain.

How Prompts Helped Me Build It

I built this the same way I build most useful AI systems: prompts first, code second.

The prompt helped me clarify:

  • the agent's job
  • the inputs it needed
  • the actions it was allowed to recommend
  • the actions it was not allowed to take
  • the report format
  • the failure modes
  • the approval path

Once that was clear, the code became much easier.

I was not asking an AI coding tool to "build a trading bot." I was asking it to implement a constrained operating loop:

  1. Read structured local files.
  2. Validate freshness.
  3. Score each ticker against a policy.
  4. Apply risk gates.
  5. Write a report.
  6. Route any candidate to a human approval queue.
  7. Never execute broker actions automatically.

That is a much better request.

This is one of the biggest lessons I teach people who want to build agents:

The prompt is not magic. The prompt is product design.

If the workflow is vague, the agent will be vague. If the decision rights are unclear, the agent will overreach. If the input files are messy, the output will be messy. If there is no approval path, the agent will either do too much or nothing useful at all.

What Anyone Can Learn From This

You do not need to start with trading.

In fact, you probably should not. Trading is useful as an example because the risks are obvious. But the same architecture applies to safer, more common business workflows.

You can build an agent that:

  • reviews inbound leads and flags the best ones
  • checks your calendar and prepares a morning brief
  • scans customer support themes and drafts fixes
  • audits content for brand and compliance issues
  • turns meeting notes into follow-up drafts
  • watches project folders for stale decisions
  • prepares weekly business reports from local files

The core recipe is the same:

  1. Give the agent one job.
  2. Give it structured inputs.
  3. Write the rules down.
  4. Define what it can decide.
  5. Define what only a human can approve.
  6. Make it produce a repeatable output.
  7. Log every run so the system can improve.

That is how agents become reliable. Not by making them "smarter" in the abstract, but by giving them a better environment to operate inside.

Every recommendation is tied to rules, context, and an execution framework designed to compound small improvements over time.

How I Help People Build Agents Like This

This is the kind of work I help teams and operators do.

Not "install AI" in the abstract. Not buy another subscription and hope people use it.

I help turn a repeatable workflow into a working agent system:

  1. Map the workflow and the real decision points.
  2. Identify the inputs the agent needs.
  3. Write the system prompt and examples.
  4. Convert judgment calls into policy files and approval gates.
  5. Build the local or cloud workflow around those rules.
  6. Create the report, dashboard, or action queue the human actually uses.
  7. Test the loop until the agent is useful, honest, and constrained.

The Robinhood agent is a personal example, but the same method works for lead qualification, content review, project management, customer follow-up, knowledge-base maintenance, and internal reporting.

The best first agent is usually hiding inside a workflow you already repeat. It has messy inputs, recurring decisions, and just enough risk that you do not want full automation. That is where a well-designed human-in-the-loop agent can create leverage quickly.

The Takeaway

My Robinhood agent is not a promise that AI can beat the market.

It is proof of something more useful: you can build practical agents around real workflows if you combine prompts, structured context, policy gates, and human approval.

That is where I think the next wave of AI work is going. Less spectacle. More operating systems. Less "let the AI do everything." More "give the AI a clear job, clear rules, and a safe path to help."

If you are curious about building agents for your own work, start with the repeatable decision you already make every week. Not the flashiest one. The one with the clearest inputs, rules, and review step.

That is usually where the first useful agent lives.

And if you want help finding that workflow, shaping the prompt, building the policy layer, and turning it into something your team can actually use, that is exactly the kind of system I build.

David Skelton
Previous

The End of the Second Brain: Why I’m Building an Agentic Operating System
Next

Your Files Are Dead. Here's What Comes Next.