financial-data-collector
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches market and financial data from Yahoo Finance using the yfinance Python library. This is a well-known service for financial data and the behavior is expected.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
  1. Ingestion points: Processes user-provided ticker symbols and external data responses from the Yahoo Finance API within scripts/collect_data.py.
  2. Boundary markers: None present.
  3. Capability inventory: Performs network requests via the yfinance library and writes structured JSON to the local file system in scripts/collect_data.py.
  4. Sanitization: Ticker symbols are normalized to uppercase and output is formatted as valid JSON, which provides a layer of isolation for downstream tasks but does not fully sanitize the ingested content itself.