peer-comparison

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves financial data from well-known sources including the SEC EDGAR API and StockAnalysis.com, which are standard for financial analysis tasks. These downloads are performed to fetch specific financial metrics as part of the skill's primary function.
  • [PROMPT_INJECTION]: The skill ingests external data from web searches and SEC filings, which creates a surface for indirect prompt injection. However, the risk remains low due to the limited capability scope of the agent.
      • Ingestion points: External data is ingested from Stock Analysis, SEC APIs, and WebSearch results (SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands present in the prompt templates.
      • Capability inventory: The skill is limited to data retrieval and formatting; it contains no subprocess calls, file-write operations, or dynamic code execution.
      • Sanitization: The skill extracts specific numeric and financial metrics into a structured table, which naturally filters out non-conforming data and limits the impact of embedded instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 07:24 PM