canslim-screener
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (SAFE): The script
scripts/test_institutional_endpoint.pyretrieves theFMP_API_KEYfrom environment variables usingos.environ.get(), avoiding hardcoded credentials. - [External Network Access] (LOW): The skill communicates with
finviz.comandfinancialmodelingprep.com. While these are non-whitelisted domains, the network activity is essential for the skill's primary purpose of fetching stock market data. - [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external web pages and APIs.
- Ingestion points:
scripts/finviz_stock_client.pyfetches HTML from Finviz;scripts/test_institutional_endpoint.pyfetches JSON from FMP. - Boundary markers: Absent; the data is directly parsed into dictionaries.
- Capability inventory: Limited to calculating numeric scores and returning structured data; no shell execution or file-writing capabilities were detected.
- Sanitization: The skill uses
BeautifulSoupto target specific table elements (snapshot-table2), which effectively filters out most unrelated page content. - [Unverifiable Dependencies] (SAFE): The skill requires standard, well-known libraries (
beautifulsoup4,requests,lxml) which are common for Python data processing and do not involve remote code execution during installation.
Audit Metadata