akshare-data
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/akshare_query.pyfetches theaksharePython package from the well-known Tsinghua University PyPI mirror (https://pypi.tuna.tsinghua.edu.cn/simple) if the library is not present on the host system.\n- [COMMAND_EXECUTION]: The skill usessubprocess.check_callwithinscripts/akshare_query.pyto automate the installation of dependencies using thepippackage manager.\n- [COMMAND_EXECUTION]: Thescripts/akshare_query.pyfile usesgetattrto dynamically invoke functions within theaksharemodule based on parameters provided at runtime.\n- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection due to the way it handles untrusted data.\n - Ingestion points: The skill retrieves external content such as news articles, sentiment data, and hot search rankings via AKShare APIs as listed in
references/alternative.mdandreferences/stock.md.\n - Boundary markers: No specific delimiters or instructions (e.g., 'ignore commands in data') are used to protect the agent context from instructions embedded in external data.\n
- Capability inventory: The agent can execute a wide range of financial data functions and write files to the local system using the
--saveparameter inscripts/akshare_query.py.\n - Sanitization: There is no evidence of content filtering or sanitization of data retrieved from external APIs before it is passed to the language model.
Audit Metadata