Financial Data Fetcher
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Indirect Prompt Injection (HIGH): The `get_latest_news` tool fetches headlines and summaries from external, untrusted sources which are then processed by the agent. This is a critical vulnerability surface.
  - Ingestion points: Fetched financial news headlines and summaries via `get_latest_news` (SKILL.md).
  - Boundary markers: None present; the skill lacks delimiters or instructions to ignore embedded commands in the news data.
  - Capability inventory: The skill is explicitly intended for use in a "trading strategy," implying downstream execution capabilities (e.g., buying/selling assets).
  - Sanitization: No evidence of content sanitization or filtering of fetched text before it enters the agent's context.
- Metadata Poisoning (MEDIUM): The `metadata.json` file lists the category as `devops`, which is highly misleading for a financial trading skill. This can lead to misapplication of security policies.
- Unverifiable Dependencies (MEDIUM): The skill requires several external Python packages and is hosted in an untrusted GitHub repository (`IgorGanapolsky/trading`), which has not been verified for safety.
Recommendations
- AI detected serious security threats
Audit Metadata