Skills
skills/sjzsdu/tongstock/tongstock-cli/Gen Agent Trust Hub

tongstock-cli

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches source code from the author's GitHub repository (github.com/sjzsdu/tongstock.git) to compile the necessary CLI and server tools.
  • [COMMAND_EXECUTION]: Instructs the agent to perform local system operations including cloning a repository and building a Go project using go build.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through the ingestion of untrusted data from market servers.
  • Ingestion points: Fetches real-time quotes and company F10 documents, including profiles, reports, and announcements.
  • Boundary markers: No delimiters or safety instructions are provided to the agent to prevent the interpretation of data content as instructions.
  • Capability inventory: The skill utilizes the Bash tool for data processing and command execution.
  • Sanitization: External text content from company reports and news is not sanitized or filtered before being presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 05:39 AM