stock-quote
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes data from an external, attacker-influenced source (financial market data).
- Ingestion points: The script
scripts/quote.pyaccepts a ticker symbol as a command-line argument and retrieves external data via thetrading-skillsmodule (fetching from Yahoo Finance). - Boundary markers: There are no delimiters or explicit instructions in the prompt to treat the fetched stock data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill executes a Python script using
uv run, which has the capability to print output that the agent interprets. No direct file-write or network-send capabilities are present in the provided script code beyond the import. - Sanitization: The input ticker symbol is normalized using
.upper(), but the content returned from the external API is not sanitized or validated before being presented to the agent. - [COMMAND_EXECUTION]: The skill uses
uv run python scripts/quote.pyto execute a local Python script. This is the primary intended mechanism for the skill and is used to process the requested ticker symbol.
Audit Metadata