tushare-finance
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection through its data ingestion methods.
  - Ingestion points: The skill retrieves unstructured text from external sources via `api_client.py` and various Tushare interfaces, such as news feeds (`pro.news`), long-form communications (`pro.major_news`), and interactive investor Q&A boards (`pro.irm_qa_sh`, `pro.irm_qa_sz`).
  - Boundary markers: The skill does not implement delimiters or provide explicit instructions to the agent to ignore potential commands embedded in the retrieved financial text.
  - Capability inventory: The skill is configured with `Bash(python:*)` permissions in `SKILL.md`, allowing the agent to execute code that could be leveraged if an injection attack is successful.
  - Sanitization: The tool returns raw data from the Tushare API as pandas DataFrames without sanitization or content filtering for malicious instructional content.
Audit Metadata