stock-price-updater
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes well-known Python libraries including pandas, openpyxl, yfinance, and akshare to fetch financial data and manipulate Excel spreadsheets. These are standard dependencies for the skill's stated purpose.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present due to the processing of untrusted external content.
- Ingestion points: The script scripts/update_stock_prices.py ingests data from Excel files using the pandas.read_excel method.
- Boundary markers: The skill does not implement delimiters or instructions to ignore embedded commands within the processed cell data.
- Capability inventory: The script performs network requests to financial data providers and has the capability to modify local files on the system.
- Sanitization: Input from the Excel file is validated for stock code formats using regular expressions but is not sanitized against natural language instructions that could target a downstream agent.
Audit Metadata