Skills
skills/tradeinsight-info/investment-analysis-skills/sec-fetch/Gen Agent Trust Hub

sec-fetch

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands and local file operations to manage its state. It reads and writes a local config.json file within the plugin directory to persist the user's identification details. It also invokes a standalone bash script (sec-fetch.sh) to perform network operations.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to perform network requests to external domains. While its intended use is for SEC EDGAR endpoints (www.sec.gov, data.sec.gov, efts.sec.gov), the implementation in the shell script allows it to fetch data from any URL provided by the calling skill or agent.
  • [SAFE]: The collection and storage of a name and email address is a legitimate requirement for the SEC EDGAR API. The skill handles this by storing the information in a local configuration file rather than hardcoding it or sending it to an unauthorized third party.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 08:39 AM