ticker
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external binary from a remote repository via
go install github.com/sderosiaux/ticker-cli@latest. This is a vendor-owned resource and is necessary for the skill's functionality. - [COMMAND_EXECUTION]: The skill functions by executing the
ticker-clicommand-line tool with various arguments to retrieve market data. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes untrusted data from external financial market sources. 1. Ingestion points: Output from the
ticker-clicommand (financial data in JSON or CSV format) in SKILL.md. 2. Boundary markers: No specific delimiters or instructions to ignore embedded instructions are used. 3. Capability inventory: Shell command execution viaticker-cliin SKILL.md. 4. Sanitization: No evidence of validation or sanitization of the data retrieved from external sources.
Audit Metadata