event-impact-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script at
scripts/analyze_event_impact.pyto perform financial analysis and interact with the KIS API. - [EXTERNAL_DOWNLOADS]: The skill's bundled script communicates with the Korea Investment & Securities (KIS) Open API at
https://openapi.koreainvestment.com:9443to fetch historical index data for KOSPI and Nasdaq. This is a well-known financial service. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because its workflow involves interpreting untrusted content from the web to research historical events.
- Ingestion points: Web search results and user-provided URLs used for analog research, date verification, and event interpretation as described in the
SKILL.mdworkflow. - Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands within the searched content.
- Capability inventory: The skill can execute local scripts and perform authenticated network operations to a financial service API.
- Sanitization: No explicit sanitization or validation of the content retrieved from external sources is performed before it is used to guide the agent's analysis.
Audit Metadata