toss-securities

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the tossctl tool via Homebrew from a third-party repository (JungHoonGhae/tossinvest-cli). Executing binaries from unverified third-party sources can lead to arbitrary code execution on the host machine.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands (e.g., tossctl account summary) to retrieve sensitive information like account balances and order history. The integrity of these operations depends entirely on the third-party binary, which is not from a trusted organization.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes and summarizes output from an external tool without sanitization or boundary markers.
      • Ingestion points: Data returned from tossctl shell commands.
      • Boundary markers: None present in the instructions.
      • Capability inventory: Execution of shell commands and Node.js scripting.
      • Sanitization: No validation or escaping of the tool's output is performed before the agent processes it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 04:07 PM