Existing LLM-based agent benchmarks for finance overemphasize task performance while critically neglecting systemic safety risks—including hallucination, temporal misalignment, and adversarial vulnerability. Method: We propose a safety-centric evaluation paradigm, introducing the first three-tier security assessment framework (model-, workflow-, and system-level) with ten risk-aware metrics, and release the Security-Aware Evaluation Agent (SAEA). Our methodology integrates empirical multi-dimensional risk analysis, dual-path testing (via both API-based and open-weight models), and three-level decoupled robustness validation. Contribution/Results: Applied to mainstream financial LLM agents, our framework uncovers numerous safety vulnerabilities undetected by conventional benchmarks—demonstrating a paradigm shift from performance-oriented evaluation toward security, robustness, and real-world operational resilience.

Current financial LLM agent benchmarks are inadequate. They prioritize task performance while ignoring fundamental safety risks. Threats like hallucinations, temporal misalignment, and adversarial vulnerabilities pose systemic risks in high-stakes financial environments, yet existing evaluation frameworks fail to capture these risks. We take a firm position: traditional benchmarks are insufficient to ensure the reliability of LLM agents in finance. To address this, we analyze existing financial LLM agent benchmarks, finding safety gaps and introducing ten risk-aware evaluation metrics. Through an empirical evaluation of both API-based and open-weight LLM agents, we reveal hidden vulnerabilities that remain undetected by conventional assessments. To move the field forward, we propose the Safety-Aware Evaluation Agent (SAEA), grounded in a three-level evaluation framework that assesses agents at the model level (intrinsic capabilities), workflow level (multi-step process reliability), and system level (integration robustness). Our findings highlight the urgent need to redefine LLM agent evaluation standards by shifting the focus from raw performance to safety, robustness, and real world resilience.