stock-market-pro

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes local Python scripts using uv run to process financial data. This is standard behavior for the tool's core logic.
  • [EXTERNAL_DOWNLOADS] (SAFE): The tool relies on the yfinance library to retrieve real-time quotes and fundamentals from Yahoo Finance, which is appropriate for its stated purpose.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted data from external financial sources.
      * Ingestion points: Data retrieved from Yahoo Finance (such as company descriptions, news, or metadata) and user-supplied ticker symbols.
      * Boundary markers: None identified in the provided documentation or instructions.
      * Capability inventory: Subprocess execution of local scripts via uv run and display of data to the agent context.
      * Sanitization: Content of the referenced scripts/yf was not provided, preventing verification of input sanitization for ticker symbols or external data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 02:57 PM