analyze-stock
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a local Python script located at
scripts/data_fetcher.pyto retrieve stock valuation and financial data. This script is a vendor-provided resource used for the skill's core functionality. - [COMMAND_EXECUTION]: Invokes the Google Chrome binary in headless mode or the
npxutility to convert generated HTML reports into PDF files. - [EXTERNAL_DOWNLOADS]: Utilizes
npx -y md-to-pdfto download and run the 'md-to-pdf' package from the NPM registry at runtime if a local Chrome installation is unavailable. - [REMOTE_CODE_EXECUTION]: The execution of
npxinvolves fetching code from a remote repository and executing it on the local system. - [DATA_EXFILTRATION]: Uses
WebFetchandWebSearchto access content from arbitrary company websites, investor relations pages, and news outlets. While intended for data collection, this involves transmitting queries to external services. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
- Ingestion points: Phase 1 (Agent 2 and Agent 5) fetches content from third-party news sites and company websites via
WebFetch. - Boundary markers: The prompts for the subagents do not include instructions to treat the fetched content as untrusted or to ignore embedded instructions.
- Capability inventory: The agent has the capability to write files to the local filesystem (HTML/PDF) and execute shell commands in Phase 4.
- Sanitization: No explicit sanitization or filtering of the retrieved web content is performed before it is summarized by the model or included in the final HTML report.
Audit Metadata