small-cap-growth-identifier
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill package contains only Markdown and configuration files. There are no executable scripts, Python packages, or Node.js modules, which effectively eliminates the risk of direct remote code execution or unauthorized command execution.
- [PROMPT_INJECTION] (LOW): The skill exhibits an Indirect Prompt Injection surface because it is designed to ingest and process data from external financial toolkits (specifically findata-toolkit-cn). 1. Ingestion points: Market data retrieved via external tools and user-defined parameters. 2. Boundary markers: None identified in the prompt templates or workflow descriptions. 3. Capability inventory: The skill is limited to generating text-based analysis reports; it cannot perform file writes, network requests (directly), or system configuration changes. 4. Sanitization: No explicit logic is provided to sanitize or validate the content of the external financial data. The risk is limited to the potential for malicious data to manipulate the generated investment report.
Audit Metadata