uzi-skill-stock-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Retrieves financial data and market sentiment from established third-party services including yfinance, DuckDuckGo, and Chinese financial platforms like EastMoney and Xueqiu.
- [EXTERNAL_DOWNLOADS]: Downloads core skill code and required libraries from the vendor's GitHub repository during installation.
- [COMMAND_EXECUTION]: Executes internal Python scripts and manages the environment using standard system commands such as pip, python, and git.
- [COMMAND_EXECUTION]: Provides a 'remote mode' feature that initiates a Cloudflare Tunnel to allow users to view reports on mobile devices via a temporary public URL.
- [PROMPT_INJECTION]: The skill ingests untrusted data from web search results and financial news feeds, which represents an indirect prompt injection surface.
- Ingestion points: DuckDuckGo search results and various financial API responses.
- Boundary markers: Not explicitly defined in the skill instructions.
- Capability inventory: Execution of local Python scripts, network operations for data fetching, and file writing for report assembly.
- Sanitization: No explicit content sanitization or validation logic is detailed in the skill markdown.
Audit Metadata