chairman-daily-report
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted news and market data from external APIs.
- Ingestion points: Untrusted data is retrieved from the QVeris API and Sina Finance in scripts/fetch_company_news.py and scripts/fetch_sina_quote.py.
- Boundary markers: There are no boundary markers or instructions to the agent to disregard instructions within the fetched text.
- Capability inventory: The skill is primarily focused on data aggregation and report generation; no dangerous capabilities like arbitrary command execution or file system writes were detected.
- Sanitization: The skill performs basic keyword matching for sentiment analysis but does not sanitize the external content before passing it to the agent for report generation.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch financial data.
- Evidence: Scripts connect to qveris.ai (the vendor's API) and hq.sinajs.cn (Sina Finance).
- Insecure Implementation: Both scripts/fetch_market_data.py and scripts/fetch_sina_quote.py explicitly disable SSL certificate verification by setting ssl.CERT_NONE. This is a best practice violation that makes the connection vulnerable to man-in-the-middle (MITM) attacks.
Audit Metadata