finviz-screener
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements strict input validation within its core script (`scripts/open_finviz_screener.py`). All user-provided filter codes and sorting parameters are validated against a restrictive regular expression allow-list (`^[a-z0-9_.-]+$`), which prevents URL injection and character-based command injection.
- [COMMAND_EXECUTION]: The skill opens the system browser using `subprocess.run` with argument lists (not `shell=True`). This approach is a security best practice that prevents shell injection vulnerabilities.
- [DATA_EXPOSURE]: The skill checks for an optional `FINVIZ_API_KEY` environment variable to determine if it should use the Elite FinViz domain. This key is used only locally for domain selection and is not logged, exfiltrated, or transmitted to any third-party services.
- [EXTERNAL_DOWNLOADS]: No external code or packages are downloaded during execution. The skill relies entirely on the provided local scripts and the Python standard library.
Audit Metadata