scanner-pmcc
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of instructions designed to bypass agent safety filters or override system prompts.
- [EXTERNAL_DOWNLOADS]: The skill depends on 'yfinance', a well-known and trusted library for accessing Yahoo Finance data. No unauthorized or suspicious external downloads are present.
- [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file access (e.g., SSH keys, environment variables), or unauthorized network transmissions were detected.
- [COMMAND_EXECUTION]: The script 'scripts/scan.py' uses 'argparse' to safely handle user inputs and does not invoke subprocesses or shell commands with unsanitized data.
- [DATA_EXPOSURE]: The capability to write results to a local file via the '--output' parameter is a standard functional requirement for a scanning tool and is handled through standard Python file operations.
- [INDIRECT_PROMPT_INJECTION]: Analyzed the attack surface for indirect injection:
  - Ingestion points: 'scripts/scan.py' reads symbol data from a user-provided JSON file path.
  - Boundary markers: Not explicitly defined for the symbol data contents.
  - Capability inventory: The skill has file-write capabilities via the '--output' argument and performs data processing via internal 'trading_skills' modules.
  - Sanitization: The symbols are normalized to uppercase and stripped of whitespace before being passed to the analysis engine, which is appropriate for the skill's primary purpose.