financial-report
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ability to ingest untrusted data from external URLs and present it to the agent.
- Ingestion points: The
get_report_contentfunction inscripts/finance.pyfetches content from user-provided URLs. - Boundary markers: The script returns the fetched content directly as a string (up to 10,000 characters) without using delimiters or instructions to the agent to ignore embedded commands.
- Capability inventory: The skill has network access via the
requestslibrary and data processing capabilities throughpandas. It does not expose file-system write access or dynamic code execution (eval/exec) in its runtime logic. - Sanitization: No sanitization, filtering, or validation is performed on the content retrieved from external URLs before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch financial data and reports.
- Evidence: It retrieves data from well-known and trusted services including the SEC (sec.gov), CNInfo (cninfo.com.cn), and HKEX. It also allows fetching data from arbitrary URLs via the
get_report_contentmethod inscripts/finance.py, which could be used to target internal resources (SSRF) if the environment is not restricted.
Audit Metadata