us-stock-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH PROMPT_INJECTION NO_CODE
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill instructs the agent to systematically ingest and act upon untrusted external content, creating a significant attack surface.
      • Ingestion points: In SKILL.md, the 'Data Sources' and 'Search Strategy' sections command the agent to 'Always use web search tools' to find 'Recent news and developments', 'Analyst ratings', and 'Peer/competitor data'.
      • Boundary markers: Absent. There are no instructions or delimiters defined to help the agent distinguish between legitimate financial data and potential malicious instructions hidden in search results or web pages.
      • Capability inventory: The skill produces 'Investment Recommendations' (Buy/Hold/Sell) and 'Comprehensive Reports'. In an agentic workflow, these outputs constitute 'decisions with side effects' that can influence user assets or be passed to automated trading tools.
      • Sanitization: Absent. The instructions do not include any validation or filtering logic for the data retrieved via web search.
  • No Code (SAFE): This skill consists entirely of Markdown files and reference templates. It does not contain executable scripts, binaries, or package dependencies, which eliminates risks related to Remote Code Execution (RCE) or malicious software within the skill package itself.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:54 PM