review
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes a shell command to run a local Python script (
python3 scripts/fetch_market_data.py). Subprocess execution is a sensitive capability that relies on the integrity of the external script file which is not provided for analysis.\n- PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes external, potentially untrusted data from market records and daily logs.\n - Ingestion points: The skill reads from
股市信息/Records/trades.md, files in股市信息/Daily/, and股市信息/Config/Insight.md.\n - Boundary markers: No delimiters or warnings are used to prevent the agent from following instructions embedded within these files.\n
- Capability inventory: The skill possesses the ability to execute shell commands and write to multiple system files, including configuration and principle documents.\n
- Sanitization: No evidence of escaping or filtering logic for the ingested data was found.
Audit Metadata