fin-guru-strategize
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes
uv runto execute local Python scripts using aTICKERvariable. This creates a risk of command injection if the ticker symbol is sourced from untrusted input and not sanitized before being passed to the shell. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests external quantitative outputs without explicit sanitization or boundary markers. 1. Ingestion points: quantitative outputs in Workflow Step 1. 2. Boundary markers: Absent. 3. Capability inventory: Local script execution via
uv runon multiple analysis tools (risk_metrics_cli.py, momentum_cli.py, volatility_cli.py, optimizer_cli.py). 4. Sanitization: Absent.
Audit Metadata