track-equity-cumulative-return
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches stock price data from Yahoo Finance via the yfinance Python package. This is a standard and documented operation necessary for financial analysis.
- COMMAND_EXECUTION (LOW): The skill consists of multiple Python scripts (e.g., cumulative_return_analyzer.py, visualize_cumulative.py) intended for execution to generate reports and charts. The scripts include input validation via validators.py to prevent improper usage.
- DATA_EXFILTRATION (SAFE): Network activity is limited to the Yahoo Finance API, and file system operations are restricted to caching data in Parquet format and saving visualization outputs. No access to sensitive credentials or system files was found.
- INDIRECT_PROMPT_INJECTION (LOW): While the skill processes external financial data, the risk of indirect injection is low because the data is strictly numerical and the ingestion process involves cleaning and validation before analysis.
Audit Metadata