detect-us-equity-valuation-percentile-extreme
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill downloads financial datasets from external sources including Yale University and the Federal Reserve Bank of St. Louis (FRED). While these are reputable entities, they are not on the predefined trusted whitelist. The Yale Shiller data is specifically accessed via an unencrypted HTTP connection (http://www.econ.yale.edu/~shiller/data/ie_data.xls), which presents a minor risk of data tampering during transit.
- Indirect Prompt Injection (LOW): The skill ingests data from external websites (Yahoo Finance, Multpl, MacroMicro) to generate summaries and risk interpretations.
  - Ingestion points: Data is imported into the agent's context through scripts fetching XLS, CSV, and crawled HTML content.
  - Boundary markers: The workflow does not specify the use of delimiters to isolate untrusted data from instruction-bearing text.
  - Capability inventory: The skill can perform network operations via requests/selenium and write output files to the local system.
  - Sanitization: While the code performs numerical cleaning (e.g., dropping NA values), it does not sanitize text strings to prevent indirect prompt injection from malicious external data sources.
Audit Metadata