value-dividend-screener
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- Persistence Mechanisms (HIGH): The file references/fmp_api_guide.md contains instructions to append command strings to shell configuration files to persist API keys across sessions.
  - Evidence: echo 'export FMP_API_KEY=your_api_key_here' >> ~/.bashrc in references/fmp_api_guide.md.
  - This technique allows for persistent environment modification and is a common vector for maintaining unauthorized access or execution in a shell environment.
- Indirect Prompt Injection (LOW): The skill's primary function involves ingesting data from an external financial API (financialmodelingprep.com), which is an untrusted source.
  - Ingestion points: Data is retrieved from various endpoints such as /v3/stock-screener and /v3/income-statement/{symbol} as described in references/fmp_api_guide.md.
  - Boundary markers: There are no instructions in the provided files defining delimiters or warnings to ignore instructions embedded within the API responses.
  - Capability inventory: The skill uses the ingested data to perform complex financial analysis and ranking as described in references/screening_methodology.md.
  - Sanitization: No evidence of input validation or data sanitization is present in the provided documentation.
Recommendations
- AI detected serious security threats
Audit Metadata