Skills
skills/himself65/finance-skills/earnings-recap/Gen Agent Trust Hub

earnings-recap

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses dynamic context injection (the !command syntax) in SKILL.md to execute a shell command that checks for the presence of the yfinance package when the skill is loaded.
  • [COMMAND_EXECUTION]: Instructs the agent to utilize the subprocess module to run pip install for the yfinance library if it is not already installed in the environment.
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the yfinance package from the official Python Package Index (PyPI) to support financial data retrieval.
  • [PROMPT_INJECTION]: Subject to indirect prompt injection risks as the skill ingests and summarizes external news data via the ticker.news API.
  • Ingestion points: External news headlines are retrieved from ticker.news in SKILL.md and references/api_reference.md.
  • Boundary markers: None present; the skill does not use delimiters or specific instructions to ignore malicious content embedded within the fetched headlines.
  • Capability inventory: The skill environment allows for Python code execution and shell command execution via subprocess.
  • Sanitization: No validation, filtering, or escaping is performed on the news data before it is presented in the final summary.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 11:39 PM