financial-deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill functions by retrieving and processing external data from various financial sources which could contain malicious instructions.
- Ingestion points: External data enters the context via the research engine's retrieval phase from Tier 1-4 financial sources (e.g., news sites, SEC EDGAR).
- Boundary markers: Absent. The provided scripts do not show explicit delimiters or instructions to ignore embedded prompts in retrieved data.
- Capability inventory: The skill utilizes parallel web searching and recursive agent spawning to handle long-form research tasks.
- Sanitization: The
md_to_html.pyscript uses regex for formatting but does not escape HTML or sanitize content. If retrieved data contains malicious HTML or scripts, they would be rendered in the final local report file, creating a potential XSS vector for the user's local browser environment.
Audit Metadata