korean-stock-search
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the vendor's own domain (
nomadamas.org) to proxy requests to the Korea Exchange (KRX). No sensitive user data or system credentials are involved in these transactions. - [COMMAND_EXECUTION]: The skill provides templates for using
curlto interact with the financial API, which is standard behavior for data-retrieval skills. - [DATA_EXFILTRATION]: User input such as stock names and codes are sent to the author's proxy. This is expected as part of the search functionality and does not constitute unauthorized exfiltration.
- [SAFE]: Evaluated for Indirect Prompt Injection (Category 8):
- Ingestion points: Data returned from
https://k-skill-proxy.nomadamas.org/v1/korean-stock/is processed by the agent (SKILL.md). - Boundary markers: No explicit instructions to ignore embedded commands are present in the response handling.
- Capability inventory: The skill is limited to read-only
curlGET requests and does not have access to file writing or arbitrary command execution. - Sanitization: The skill documentation does not describe specific sanitization for the JSON data returned from the API.
Audit Metadata