xvary-stock-research

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's tools (tools/edgar.py and tools/market.py) perform network requests to external domains including sec.gov, query1.finance.yahoo.com, finviz.com, and stooq.com to retrieve financial data. While these are well-known and established financial services, they are outside the standard whitelist.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources that could potentially be influenced by third parties (e.g., content in SEC filings or public market data pages).
    • Ingestion points: External data enters the agent context via the output of tools/edgar.py and tools/market.py.
    • Boundary markers: The instructions in SKILL.md do not implement explicit boundary markers or delimiters to isolate untrusted external data from the agent's instructions.
    • Capability inventory: The skill can execute local Python scripts that perform network operations (fetching data).
    • Sanitization: The Python tools parse data into structured formats (JSON/CSV), which provides some protection, but the skill lacks specific sanitization logic to prevent malicious instructions embedded in the financial data from influencing the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:31 PM