daily-stock-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches and summarizes external data, which is an inherent vulnerability surface.
- Ingestion points: Market news, technical indicators, and fundamental data are retrieved from various external APIs including Tavily, SerpAPI, Brave, AkShare, and YFinance.
- Boundary markers: The documentation does not specify the use of delimiters or instructions to the LLM to ignore embedded commands within the processed news text.
- Capability inventory: The skill has the capability to perform network requests and push data to multiple notification platforms (Telegram, Discord, WeChat, etc.) based on AI analysis results.
- Sanitization: There is no mention of input sanitization or filtering for the external news content before it is processed by the LiteLLM backend.
Audit Metadata