alphaear-stock
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill fetches stock market data from well-known financial services, including Akshare and Yahoo Finance (via the yfinance library). These external connections are restricted to official API endpoints and align with the skill's core purpose.
- [SAFE]: Database operations are performed securely using the sqlite3 library with parameterized queries, which prevents potential SQL injection vulnerabilities during data caching and retrieval.
- [SAFE]: Input processing for stock tickers includes robust sanitization using regular expressions to ensure that only expected formats (numeric codes or alphabetic symbols) are used in API calls and database queries.
- [SAFE]: The skill manages environment variables safely through a context manager that temporarily unsets proxy settings to resolve connectivity issues, ensuring that the original environment configuration is restored immediately after data retrieval.
- [SAFE]: Although the skill ingests external data that is later presented to the agent, the lack of dangerous capabilities such as shell execution or dynamic code evaluation mitigates the risk of indirect prompt injection.
Audit Metadata