stock_analysis
Audited by Gen Agent Trust Hub on Feb 13, 2026
================================================================================
🟡 VERDICT: MEDIUM
This skill explicitly instructs the agent to execute an external Python script (stock.py) via uv run python. The content of this stock.py script is not provided as part of the skill definition, making it an unverifiable dependency. Without the ability to audit the script's code, its actions (e.g., network requests, file system access, arbitrary command execution) cannot be assessed for security risks. The skill assumes the user has this script locally at a specified path, but its origin and integrity are unknown.
Total Findings: 1
🟡 MEDIUM Findings: • Unverifiable Dependency / Command Execution
- Line 12: cd <path> && uv run python stock.py --stocks 600519
  The skill executes an external Python script (stock.py) whose content is not provided for analysis. This script could perform arbitrary actions on the system. The "uv run python" command directly executes this unverified code.
================================================================================