rq-idea-generation

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess module in scripts/generate_report.py and the provided workflow scripts to execute external command-line utilities such as rqdata and rq-report-renderer for financial data retrieval and report formatting.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from web search results to generate narrative report summaries.
      • Ingestion points: External data is read from web_search_findings.json as part of the report generation workflow.
      • Boundary markers: While the skill uses structured JSON and a Markdown template (assets/template.md) to guide output, it lacks specific instructions to ignore malicious directives embedded in external search summaries.
      • Capability inventory: The skill can execute shell commands via subprocess calls in the rendering and data collection scripts.
      • Sanitization: There is no explicit sanitization or filtering of search findings before they are processed by the agent to generate human-readable summaries.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 06:12 AM