chris-stock-master
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs industry-standard financial and data science libraries (yfinance, akshare, polars, matplotlib) from PyPI. These are trustworthy and necessary for the skill's primary purpose.
- [COMMAND_EXECUTION] (SAFE): Shell commands are utilized for setting up a Python virtual environment and running internal scripts. All operations are scoped to the skill's local directory structure.
- [DATA_EXFILTRATION] (SAFE): No unauthorized data access or credential harvesting was detected. Financial API tokens (e.g., TUSHARE_TOKEN) are appropriately managed via environment variables.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: The skill fetches stock data and analyst ratings from external providers like Yahoo Finance and AkShare via scripts/fetch_data.py (referenced) and scripts/analyst.py.
  - Boundary markers: Absent. The skill renders processed data directly into reports without explicit delimiters to prevent the agent from interpreting data as instructions.
  - Capability inventory: The agent reads generated markdown files and presents findings to the user.
  - Sanitization: The skill processes structured numerical and categorical data, which significantly reduces the risk of instruction injection compared to free-text web scraping.