market-data
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill documentation and code examples demonstrate network operations targeting
api.eng0.ai. This domain is not on the standard whitelist; however, these operations are intrinsic to the primary function of the skill (fetching market data) and do not involve sensitive local file access or secret exfiltration. - [Indirect Prompt Injection] (LOW): The skill retrieves news articles and company descriptions from an external source, which represents an indirect prompt injection surface.
- Ingestion points: External content is ingested via the
/stocks/newsand/stocks/detailsendpoints inSKILL.md. - Boundary markers: Absent; the examples do not demonstrate the use of delimiters when processing external text.
- Capability inventory: The skill's capabilities are restricted to network communication (HTTP POST) and do not include high-risk functions like
eval(),subprocess, or file system modification. - Sanitization: No explicit sanitization or filtering of API responses is shown in the provided Python examples.
- [Prompt Injection] (SAFE): The content consists entirely of technical API documentation and usage examples. No bypass instructions, role-play commands, or attempts to extract system prompts were detected.
- [Obfuscation] (SAFE): All files consist of clear, human-readable Markdown and Python code. No Base64, zero-width characters, or homoglyph-based evasion techniques are present.
- [Unverifiable Dependencies] (SAFE): The Python example relies on the standard
requestslibrary. There are no patterns suggesting the installation of unknown packages or the execution of remote scripts via shell piping.
Audit Metadata