financial-intel

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • Prompt Injection (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill fetches untrusted natural language data such as 'aiSummary', 'narrative', and 'reason' from the Banana Farmer API and injects it directly into the agent's context.
    1. Ingestion points: bf-lookup.py (lines 125-132), bf-market.py (lines 106-114), and bf-watchlist.py (lines 62-75).
    2. Boundary markers: Absent; remote content is printed directly.
    3. Capability inventory: The agent performs financial analysis and portfolio oversight based on this data.
    4. Sanitization: None detected.
  • Data Exfiltration & Exposure (MEDIUM): bf-portfolio.py (lines 122-144) reads local JSON files containing sensitive financial holdings, shares, and cost basis. While it does not send the quantities to the API, exposing the full contents of these files to the agent's reasoning context is a significant data exposure risk.
  • Network Operations (LOW): Scripts communicate with a non-whitelisted domain (bananafarmer.app). While consistent with the skill's purpose, the domain lacks trusted status.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 02:12 PM