investment-data
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Unsafe file extraction in `scripts/download_data.py`. The `extract_tar` function uses `tarfile.extractall()` on a `tar.gz` archive downloaded from a remote URL. This method is susceptible to TarSlip/path traversal attacks, which could allow a malicious archive to write files to arbitrary locations on the host system if the source is compromised.
- [COMMAND_EXECUTION]: Internal script execution via subprocess. `scripts/data_client.py` contains the `update_data` method which calls `subprocess.run(['python', 'scripts/download_data.py', '--latest'])`. This pattern executes system commands to handle data updates.
- [EXTERNAL_DOWNLOADS]: Fetching data from external third-party sources. The skill downloads datasets from the `chenditc/investment_data` repository on GitHub.
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection. (1) Ingestion points: `scripts/download_data.py` downloads data files from an external repository which are subsequently read by `scripts/data_client.py`. (2) Boundary markers: Absent. Data extracted from external sources is passed to the agent without delimiters or safety instructions. (3) Capability inventory: The skill includes `subprocess.run()` calls in `scripts/data_client.py` and file writing/extraction in `scripts/download_data.py`. (4) Sanitization: Absent. Data is loaded directly into pandas DataFrames and provided to the caller without filtering for malicious prompt instructions.