monitor-etf-holdings-drawdown-risk
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Persistence mechanism detected. `workflows/monitor.md` contains code to implement `apscheduler` for background jobs that run indefinitely on the host system. This is a common persistence technique used to maintain access and execute tasks without direct user intervention.
- [PROMPT_INJECTION] (HIGH): Significant vulnerability to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill fetches data from external websites via Selenium in `fetch_etf_holdings.py`.
  - Boundary markers: Absent. Scraped content is not delimited or marked as untrusted.
  - Capability inventory: Includes full browser automation, background task scheduling, and local file writing.
  - Sanitization: Absent. External data is parsed and directly used to generate logical interpretations for the agent.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Runtime binary execution via `webdriver-manager`. The skill downloads and executes browser driver binaries at runtime. While sourced from established vendors, this pattern bypasses static security checks.
- [EXTERNAL_DOWNLOADS] (LOW): Financial data and drivers are downloaded from Yahoo Finance and browser vendors. These are trusted sources for these resources, downgrading the download risk per [TRUST-SCOPE-RULE].
Recommendations
- AI detected serious security threats
Audit Metadata