news-sentiment
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill body and scripts confirms no presence of malicious patterns, obfuscation, or unauthorized data access.
- [COMMAND_EXECUTION]: The skill uses uv to execute a local Python script for its primary functionality, which is an expected and safe execution pattern.
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection by processing external news headlines from Yahoo Finance. Evidence: (1) Ingestion point: Stock news headlines are fetched in scripts/news.py. (2) Boundary markers: The tool returns data as structured JSON. (3) Capability inventory: The skill's capabilities are restricted to data retrieval and printing. (4) Sanitization: No explicit sanitization of news content is performed, though the JSON structure limits direct impact.
Audit Metadata