edgartools
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the 'edgartools' package and its AI-specific components ('edgartools[ai]') from PyPI. It also describes setting up an MCP server using 'uvx' to download the 'edgartools-mcp' tool. These resources are authored by the skill's creator, K-Dense Inc., and are necessary for the skill's core functionality.
- [DATA_EXPOSURE]: The skill requires providing an identity (name and email) via the 'EDGAR_IDENTITY' environment variable. This is a standard transparency requirement mandated by the U.S. Securities and Exchange Commission (SEC) for all users of the EDGAR API and does not involve the exposure of private credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates the conversion of SEC filings into Markdown format for LLM context (e.g., in 'references/ai-integration.md'). While this creates a surface for indirect prompt injection from external filing data, this is an inherent risk of document processing tools and is mitigated by the library's focus on structured data extraction.
Audit Metadata