stock-value-scanner

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • DATA_EXFILTRATION (MEDIUM): The script scripts/market_movers.py uses ssl._create_unverified_context() to bypass SSL certificate validation when fetching market data from Yahoo Finance. This makes the connection vulnerable to Man-in-the-Middle (MitM) attacks.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires the yfinance Python package, which is a third-party dependency from an unverified source.
  • COMMAND_EXECUTION (SAFE): The skill executes local Python scripts to process data. These scripts use argparse for secure parameter handling.
  • PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface as it ingests untrusted data from external APIs. Ingestion points: scripts/market_movers.py, scripts/scanner.py, scripts/stock_price.py. Boundary markers: Absent. Capability inventory: Network read operations via urllib and yfinance. Sanitization: Absent; API data is printed directly to the output reports.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:13 PM