generating-trading-signals
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data retrieved from financial markets.
- Ingestion points: Market data fetched via the
yfinancelibrary is passed toscripts/scanner.py. - Boundary markers: The skill documentation does not specify explicit delimiters or 'ignore' instructions for the data being processed.
- Capability inventory: The skill utilizes
Bash(python:*)to execute local analysis scripts. - Sanitization: While scripts are not provided, the use of
pandasandnumpytypically involves structured numerical data, reducing the likelihood of successful injection compared to free-text processing. - [External Downloads] (LOW): The skill instructions include the installation of several Python packages (
yfinance,pandas,numpy,matplotlib). These are standard, widely-used libraries for data science and finance and are considered acceptable dependencies.
Audit Metadata