tushare-finance
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [External Downloads] (MEDIUM): The skill executes
pip install tushare pandaswithout version pinning or hash verification, allowing for the potential installation of untrusted or malicious versions of these libraries. - [Command Execution] (MEDIUM): The skill relies on the
Bash(python:*)tool to execute Python code, granting the agent a high-privilege environment to process data. - [Prompt Injection] (HIGH): The skill exhibits a significant Indirect Prompt Injection vulnerability (Category 8) due to its interaction with external data. Evidence Chain: 1. Ingestion points: The skill reads from the Tushare Pro API (over 220 interfaces). 2. Boundary markers: Absent; there are no delimiters or warnings to ignore instructions inside the API response. 3. Capability inventory: Full Python execution via
Bash(python:*). 4. Sanitization: Absent; the skill does not validate or sanitize the external data before processing it for the user.
Recommendations
- AI detected serious security threats
Audit Metadata