institutional-flow-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill was analyzed across all ten threat categories and no security issues were identified.
- [CREDENTIALS_UNSAFE]: User credentials for the FMP API are managed via environment variables or command-line flags, avoiding hardcoded secrets in the code.
- [EXTERNAL_DOWNLOADS]: Data is fetched from a well-known financial service provider (financialmodelingprep.com) using standard HTTP requests for the intended purpose of the skill.
- [DATA_EXFILTRATION]: All analyzed position data and reports are stored locally on the user's filesystem in the reports directory; no unauthorized external transmission of user data was detected.
- [COMMAND_EXECUTION]: Script operations are limited to standard API interactions and local file writing, with no arbitrary command execution, shell spawning, or privilege escalation patterns.
Audit Metadata