analyze-move-risk-gauges-leadlag
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill utilizes the Chrome DevTools Protocol (CDP) to inject and execute JavaScript into a browser session for data extraction. This requires the user to manually lower browser security by enabling remote debugging and allowing all origins.
- [Command Execution] (LOW): The skill relies on local script execution and provides shell commands for environment setup, which is standard for this type of tool but involves direct system interaction.
- [External Downloads] (LOW): It fetches data from external financial sources including MacroMicro, Yahoo Finance, and FRED. While these are reputable platforms, they are not on the explicit trusted source list.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from scraped web content. Ingestion points: MacroMicro scraping via CDP, Yahoo Finance API, FRED CSV. Boundary markers: None used to delimit external data. Capability inventory: Browser control via CDP, local file writes to 'cache/' directory. Sanitization: Uses pandas numeric coercion and null filtering.
Audit Metadata