Skills
skills/neversight/skills_feed/yahoo-finance/Gen Agent Trust Hub

yahoo-finance

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The SKILL.md metadata includes an installation step for the uv package manager via https://astral.sh/uv/install.sh. Although this is the official site for the tool, the domain is not included in the 'Trusted External Sources' whitelist, necessitating a manual review of the script's contents.
  • COMMAND_EXECUTION (LOW): The setup instructions require running chmod +x on the {baseDir}/scripts/yf file. While typical for CLI-based skills, this elevates the file's privileges to executable status.
  • NO_CODE (LOW): The primary execution logic contained in scripts/yf was not provided in the file list for analysis. The documentation suggests it uses PEP 723 metadata to manage dependencies at runtime, which is a form of dynamic environment preparation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 05:34 PM