brief

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill executes a local Python script using a shell command (python3 scripts/fetch_market_data.py). This allows for arbitrary code execution on the host system if the script file is tampered with or if the skill is obtained from an untrusted source.
  • [PROMPT_INJECTION] (HIGH): The skill processes untrusted external data (Cailian News and WebSearch results) and uses it to generate 'Actionable Advice' and financial 'Investment Briefs'. This is a high-risk surface for indirect prompt injection, where an attacker could influence news headlines to manipulate the agent into providing biased or harmful financial suggestions.
  • [DATA_EXFILTRATION] (HIGH): An automated scanner (URLite) detected a blacklisted/malicious URL within Profile.md. Because the skill is instructed to read this file to 'understand user investment background' and then potentially interact with external tools like WebSearch, there is a risk that sensitive user data (holdings, profile) could be leaked to the malicious domain or that the agent could be tricked into following the link.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on the AKShare library (implied by data source notes) and external network requests via the fetch script. These dependencies are not pinned or verified within the skill's instructions.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:04 PM