Skills
skills/okikusan-public/stock_skills/screen-stocks/Gen Agent Trust Hub

screen-stocks

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script using the Bash tool. The command in SKILL.md uses an absolute path (/Users/kikuchihiroyuki/...) which identifies specific environment-dependent configurations.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from external sources via the Grok API (X/Twitter and Web search results) through functions like run_trending_mode and run_auto_theme_mode in run_screen.py. There are no explicit boundary markers or sanitization logic visible in the provided script to prevent malicious instructions within the fetched content from influencing the agent's behavior. Capability: The skill has access to Bash(python3 *).
  • [CREDENTIALS_UNSAFE]: The script references the XAI_API_KEY environment variable for authentication with the Grok API. While the key is not hardcoded, the skill's functionality depends on the presence of this external secret in the user's environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 10:29 AM