yahoo-finance
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION (HIGH): The skill metadata specifies an installation step that downloads a shell script from 'https://astral.sh/uv/install.sh'. Because 'astral.sh' is not in the list of trusted external sources, this download and subsequent execution of a remote script is considered a high-risk operation.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection.
- Ingestion points: The 'yf news' and 'yf search' commands fetch external, attacker-controllable data (financial news headlines and search results) from Yahoo Finance into the agent's context.
- Boundary markers: There are no delimited boundaries or specific instructions to ignore embedded commands within the fetched data.
- Capability inventory: The skill allows the execution of bash commands via the 'yf' tool, providing a high-privilege execution environment for potential injected instructions.
- Sanitization: No sanitization or filtering logic is present to clean external content before it is processed by the agent.
- COMMAND_EXECUTION (LOW): The setup requires the user to modify file permissions using 'chmod +x' for the internal 'yf' script. While this involves filesystem modification, it is expected for a skill distributing its own executable scripts.
Recommendations
- AI detected serious security threats
Audit Metadata