compute-precious-miner-gross-margin
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill is configured to download financial time-series data and corporate reports from trusted platforms such as Yahoo Finance (
yfinance) and official Investor Relations (IR) portals. These activities are consistent with the skill's stated purpose. - [COMMAND_EXECUTION] (LOW): The workflows include instructions to execute a local Python script (
scripts/margin_calculator.py) provided as part of the skill. This is standard operational procedure for this type of tool. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill contains logic for scraping and parsing mining news releases from external websites. This represents a potential ingestion point for untrusted data. However, the analysis shows that the data is processed using specific regular expressions and structured data templates, which minimizes the risk of the LLM interpreting data as instructions.
- [DATA_EXFILTRATION] (SAFE): No evidence of unauthorized data transfer or access to sensitive local files (e.g., SSH keys, environment variables) was found. Network operations are strictly targeted at public financial data sources.
Audit Metadata