market-data
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill interacts with an external API at api.eng0.ai. While this is expected for its functionality, the domain is not on the list of trusted sources. It transmits stock tickers and date ranges externally.
- [Indirect Prompt Injection] (LOW): The skill ingests news sentiment and company details from an external source. This creates a surface for indirect prompt injection.
- Ingestion points: SKILL.md (/stocks/news, /stocks/details).
- Boundary markers: None provided in documentation.
- Capability inventory: Limited to network API requests; no local file or command execution detected in skill code.
- Sanitization: No validation or sanitization of external content is specified.
Audit Metadata