funda-data
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands (curl) to fetch data from the API and pipe the output to python3 for JSON formatting.
- [EXTERNAL_DOWNLOADS]: Fetches financial data and transcripts from https://api.funda.ai/v1 endpoints.
- [DYNAMIC_CONTEXT_INJECTION]: Uses the !command syntax in SKILL.md to execute a shell command at load time to verify if the FUNDA_API_KEY environment variable is configured.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from untrusted third-party platforms (Twitter, Reddit, news) which could contain malicious instructions.
  - Ingestion points: Social media posts and comments fetched via /v1/twitter-posts and /v1/reddit-posts in references/alternative-data.md.
  - Boundary markers: None identified; data is directly interpolated into the conversation.
  - Capability inventory: Shell command execution (curl, python3).
  - Sanitization: No sanitization steps for external data are described in the instructions.
Audit Metadata