yfinance
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
install.shscript andREADME.mdinstructions include commands to fetch theuvinstaller fromastral.shand pipe it to the shell. This is a standard installation method for a reputable Python package manager from Astral Software and is treated as a safe external reference. - [COMMAND_EXECUTION]: The documentation and
install.shscript involve commands that create directories and manage files in system-protected paths such as/root/clawdfor OpenClaw integration. These operations are part of the intended administrative setup of the skill. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it retrieves untrusted data from Yahoo Finance, specifically via news articles and search results.
- Ingestion points: Untrusted data enters the agent context through
tool_get_newsandtool_search_stocksinsrc/yfinance_mcp/tools/search.py. - Boundary markers: Absent. The skill returns strings within JSON objects but does not employ specific delimiters or instructions to the model to ignore embedded commands.
- Capability inventory: The MCP server is limited to data retrieval and does not implement dangerous capabilities like arbitrary command execution, file system writes (outside of installation), or dynamic code evaluation.
- Sanitization: The skill rounds numeric values and filters for nulls but does not sanitize textual content from news summaries or search results for potential injection patterns.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata