fund-screener
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `child_process.spawn` in its Node.js entry points (`cli.js` and `install.js`) to execute the Python analysis engine. Arguments are passed as an array rather than a shell string, which effectively prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: During installation, the skill fetches several well-known and industry-standard Python packages, including `akshare`, `pandas`, and `numpy`. These are necessary for the quantitative financial analysis described in the skill's purpose.
- [SAFE]: No malicious patterns such as prompt injection, obfuscated code, or unauthorized persistence mechanisms were found. The skill operates on public financial data and includes comprehensive documentation on its data validation workflows, which involve well-known services like Baidu Gushitong.
- [DATA_EXFILTRATION]: Network activity is strictly limited to the intended functionality of retrieving financial data from public APIs and financial portals via the AkShare library.
Audit Metadata