technical-analyst
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes user-provided chart images and symbol names, which represents a potential ingestion point for untrusted data. However, the rigid analysis workflow and predefined template significantly limit the impact of any embedded instructions.
- Ingestion points: Chart images and user-provided ticker symbols.
- Boundary markers: None explicitly defined for image data.
- Capability inventory: File writing (saving markdown reports to the local filesystem).
- Sanitization: None described for symbol names used in filenames, which could theoretically lead to path traversal if the underlying agent does not sanitize input.
- [DATA_EXPOSURE] (SAFE): No access to sensitive files, hardcoded credentials, or network exfiltration patterns were detected.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download external scripts or execute arbitrary code.
- [PROMPT_INJECTION] (SAFE): No instructions to override system prompts or bypass safety filters were found.
Audit Metadata