stock-qualitative-analysis
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The documentation file
OPENCODE.mdrecommends an insecure installation pattern:curl -fsSL https://opencode.ai/install | bash. This pattern is high-risk as it executes unverified remote scripts directly in the shell. - COMMAND_EXECUTION (LOW): The script
scripts/build_source_manifest.pyutilizessubprocess.runto executefetch_sec_edgar.py. While used for internal logic, this provides a mechanism for system command execution that could be exploited if parameters like tickers or file paths are manipulated. - EXTERNAL_DOWNLOADS (LOW): The skill is designed to download financial data from the SEC EDGAR system. While this is its core purpose, interacting with external domains expands the agent's attack surface.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core workflow of processing external, untrusted documents.
- Ingestion points:
scripts/extract_sec_html_sections.py(HTML filings) andscripts/ingest_local_pdfs.py(PDF filings). - Boundary markers: Absent. There are no instructions in
SKILL.mdor the guardrails to wrap external content in delimiters or to ignore embedded instructions. - Capability inventory: Use of
subprocess.run(inscripts/build_source_manifest.py) and permission to write reports to the local file system. - Sanitization: Inadequate.
scripts/extract_sec_html_sections.pyuses basic regex-based HTML stripping which does not prevent malicious instruction injection hidden within the text content.
Audit Metadata