analyze-copper-inventory-rebuild-signal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill depends on standard, reputable Python packages including
pandas,numpy,requests,yfinance, andmatplotlib. These are standard tools for financial data analysis. - [COMMAND_EXECUTION] (LOW): The skill utilizes the Chrome DevTools Protocol (CDP) to automate a local browser instance for data scraping. While this involves starting a browser with specific flags (e.g.,
--remote-allow-origins=*), it is a documented method within the skill's methodology for bypassing anti-bot measures on legitimate data sources like MacroMicro. - [DATA_EXPOSURE & EXFILTRATION] (SAFE): Analysis of the workflows and data source references confirms that network activity is restricted to well-known financial data providers (Yahoo Finance and MacroMicro). No hardcoded credentials or access to sensitive local system files were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from external websites. While this presents a theoretical surface for indirect prompt injection, the data is processed into structured formats (CSV, JSON) and used for numerical analysis (Z-scores, percentiles), which significantly mitigates the risk of an LLM obeying instructions embedded in the scraped content.
Audit Metadata