pp-yahoo-finance

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install binaries from non-standard external repositories.
      • Binaries are installed via npx -y @mvanhorn/printing-press and go install github.com/mvanhorn/printing-press-library/....
  • [DATA_EXFILTRATION]: The skill exposes a --deliver flag that supports a webhook: scheme.
      • This feature allows the agent to send command outputs, which may contain sensitive portfolio data or financial summaries, to arbitrary external URLs.
      • There is a feedback command that can be configured to POST data to a remote endpoint via the YAHOO_FINANCE_FEEDBACK_ENDPOINT environment variable.
  • [COMMAND_EXECUTION]: The skill provides the agent with the ability to execute complex CLI commands and direct SQL queries against a local database using the sql command.
  • [CREDENTIALS_UNSAFE]: The skill references the use of a sensitive cookie file (~/yahoo-cookies.json) for session management in the auth login-chrome command, which represents potential exposure of session credentials.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 05:38 PM