Skills
skills/himself65/finance-skills/yfinance-data/Gen Agent Trust Hub

yfinance-data

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the 'yfinance' library from the Python Package Index (PyPI). This is a well-known and widely used library for market data.
  • [COMMAND_EXECUTION]: Uses 'subprocess.check_call' for dependency management and dynamic context injection to verify the environment. These actions are for setup and are not used to process untrusted input.
  • [PROMPT_INJECTION]: The skill reads external content from Yahoo Finance, creating an indirect prompt injection surface. Ingestion points: 'ticker.news' and 'ticker.info' (references/api_reference.md). Boundary markers: Absent. Capability inventory: 'subprocess.check_call' (SKILL.md). Sanitization: None mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 10:48 AM