stock-briefing
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with well-known financial data providers including EastMoney (push2his.eastmoney.com), Tencent Finance (web.ifzq.gtimg.cn), and Sina (zhibo.sina.com.cn) to retrieve market indices and stock quotes. These are legitimate operations performed via the Python standard library.
- [PROMPT_INJECTION]: The skill processes news content from external financial sites, which represents an indirect prompt injection surface. 1. Ingestion points: News data is fetched from cls.cn and sina.com.cn in scripts/stock_briefing.py. 2. Boundary markers: Not present; the SKILL.md instructs the agent to output the content without modification. 3. Capability inventory: The agent is permitted to use the Bash and Read tools. 4. Sanitization: The script uses regular expressions to remove HTML tags from the news content before it is displayed.
Audit Metadata