downtrend-duration-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves historical stock data from financialmodelingprep.com. This is a recognized financial data provider, and the network access is essential for the tool's core functionality.
- [COMMAND_EXECUTION]: The provided Python scripts perform data processing and report generation. The code uses standard libraries for analysis and does not invoke shells or execute external system commands.
- [DATA_EXFILTRATION]: The skill utilizes an API key stored in environment variables to access financial data. There is no evidence of unauthorized access to sensitive local files or credentials.
- [PROMPT_INJECTION]: The skill processes untrusted data from an external API, which presents an indirect injection risk.
  - Ingestion points: Stock symbols, sector names, and historical price metadata fetched from the FMP API in scripts/analyze_downtrends.py.
  - Boundary markers: None. External data is merged directly into output reports without specific delimiters or instructions for the agent to ignore embedded content.
  - Capability inventory: The skill writes analysis results in JSON, Markdown, and HTML formats to the local filesystem using standard file I/O.
  - Sanitization: The scripts/generate_histogram_html.py script constructs HTML dropdown menus using f-strings for sector names without applying HTML escaping, which represents a potential XSS surface if the API data contained malicious scripts.
Audit Metadata