sec-edgar-skill

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill provides tools to read raw content from SEC filings via functions like filing.text() and filing.markdown() in reference/objects.md and SKILL.md. This content is externally controlled and can be manipulated by an attacker to include hidden instructions. In a high-privilege environment such as Claude Code, which can execute system commands, these instructions could lead to arbitrary code execution or data theft.
      • Ingestion Points: filing.text(), filing.markdown(), filing.search(), and filing.items() across SKILL.md and reference/objects.md.
      • Boundary Markers: None. No instructions are provided to the agent to sanitize or ignore embedded instructions in the filing data.
      • Capability Inventory: The skill is specifically designed for agents with command-line access and general-purpose tool execution.
      • Sanitization: Absent. Data is passed directly to the agent's context.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the edgartools library as seen in requirements.txt. This library is not hosted in a pre-approved 'Trusted Source' repository, making its installation a medium-risk dependency management issue per policy.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:16 PM