stress-test

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script using the Bash tool. The execution command uses a hardcoded absolute path (/Users/kikuchihiroyuki/stock-skills/...) belonging to the author's local environment. This is a best-practice violation for portability but does not present a direct security threat in this context as the resource is vendor-owned.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8). It ingests untrusted data via the --scenario argument and external financial data from the yahoo_client module. This content is presented to the AI for qualitative interpretation in Step 6b (correlation analysis) and Step 8 (recommendations) without the use of boundary markers or sanitization. This creates a risk where malicious input within a scenario description or external stock data could attempt to manipulate the agent's summary or advice.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 06:33 PM