fin-guru-quant-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection by processing external financial tickers through multiple command-line utilities. • Ingestion points: The TICKER and TICKERS variables are used as parameters across all scripts in the src/ directory, which likely ingest data from external market sources. • Boundary markers: The skill documentation lacks explicit boundary markers or instructions to isolate the ticker data from the execution context. • Capability inventory: The skill invokes several internal Python scripts (e.g., risk_metrics_cli.py, optimizer_cli.py) using 'uv run', providing a significant range of data processing capabilities. • Sanitization: A data validation step is mentioned (data_validator_cli.py), but its described purpose is statistical integrity (outliers, gaps) rather than sanitization of malicious string inputs.
Audit Metadata