financial-deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary function is to ingest and synthesize data from external, untrusted financial sources, creating an attack surface for indirect instructions.
  - Ingestion points: research_engine.py (placeholder) and the agent's search tool fetch data from SEC EDGAR, financial news, and general web sources.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: Associated with Claude Code, which typically has tool access for filesystem modification and shell execution.
  - Sanitization: No sanitization or validation of external content is performed before it is processed by the model.
- Data Exposure & Exfiltration (SAFE): The skill accesses external URLs for research purposes but does not attempt to access sensitive local system files (~/.ssh, ~/.aws) or hardcoded credentials.
- Metadata Poisoning (SAFE): Skill documentation and README content accurately reflect the intended functionality without deceptive or malicious hidden instructions.