whale-hunting
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (
whale_hunting.py) using theuvtool or standard Python. This script processes ticker symbols and arguments provided by the user.- [EXTERNAL_DOWNLOADS]: The skill retrieves financial data from Yahoo Finance and the Massive API to perform its analysis. These are well-known financial data services.- [PROMPT_INJECTION]: There is a surface for indirect prompt injection as the skill processes and displays data from external APIs. - Ingestion points: Data enters through the
whales_hunterfunction which fetches external option chain data. - Boundary markers: The agent is instructed to render the final results in structured Markdown tables.
- Capability inventory: The skill is authorized to execute its own internal analysis script via the shell.
- Sanitization: The script performs standard data rounding and type conversion, though it does not explicitly filter for natural language instructions embedded within API data fields.
Audit Metadata