earnings-trade-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): A comprehensive analysis across all threat categories confirms that the skill is safe for use and follows industry best practices for financial data tools.
- CREDENTIALS_UNSAFE (SAFE): The skill requires an FMP API key for authentication but correctly manages it via environment variables (FMP_API_KEY) or command-line parameters, avoiding hardcoded secrets.
- DATA_EXFILTRATION (SAFE): Network communication is limited to fetching structured financial data from financialmodelingprep.com. No exfiltration of sensitive user files or local system information was detected.
- COMMAND_EXECUTION (SAFE): The scripts are dedicated to data calculation and reporting; they do not invoke arbitrary shell commands or use dangerous functions like os.system or subprocess.run for untrusted input.
- INDIRECT_PROMPT_INJECTION (SAFE): While the skill processes external API data, it lacks the 'capability surface' (such as dynamic code execution) required for an indirect prompt injection to escalate into a significant security event.
Audit Metadata