yfinance-data
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs standard financial data retrieval using a reputable open-source library (yfinance). All network operations are directed to Yahoo Finance's public APIs through the library's standard methods.
- [EXTERNAL_DOWNLOADS]: The skill includes a bootstrap step to install the 'yfinance' package from PyPI if it is missing. This is a common pattern for Python-based skills and targets the official package registry.
- [COMMAND_EXECUTION]: Subprocess calls are used exclusively for environment checks ('python3 -c') and package installation ('pip install'). These are controlled, internal operations necessary for the skill's functionality.
- [INDIRECT_PROMPT_INJECTION]: The skill processes ticker symbols provided by users. While this is an ingestion point for untrusted data, the risk is negligible as the data is used strictly as parameters for financial API calls with no path to sensitive system operations.
Audit Metadata