china-stock-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to execute shell commands using variables derived from user input (e.g., in Step 2 of Workflow 1 and 2). Without strict sanitization, this allows for arbitrary command injection if a user provides malicious parameters.
- PROMPT_INJECTION (HIGH): There is a high risk of Indirect Prompt Injection because the skill ingests external content from the akshare API and processes it to generate reports and drive further analysis.
  1. Ingestion points: external stock data from akshare and user-provided criteria.
  2. Boundary markers: Absent; there are no delimiters used to isolate external data.
  3. Capability inventory: The skill can execute local scripts and write to the filesystem.
  4. Sanitization: Absent; external data is directly interpolated into Markdown templates and analysis workflows.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the runtime installation of multiple Python packages (akshare, pandas, numpy) from untrusted sources without version pinning, creating a supply chain risk.
- COMMAND_EXECUTION (MEDIUM): The primary execution logic is contained in local scripts (scripts/data_fetcher.py, scripts/stock_screener.py, etc.) that are missing from the provided codebase, rendering the actual data processing and execution behavior unverifiable.
Recommendations
- AI detected serious security threats
Audit Metadata