vcp-screener
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches financial data from the Financial Modeling Prep API (financialmodelingprep.com). This is a well-known and established service for stock market information.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes and displays data retrieved from an external API.\n
- Ingestion points: Untrusted data such as company names, sectors, and sub-sectors are fetched from the FMP API in
scripts/fmp_client.py.\n - Boundary markers: The Markdown and JSON reports generated in
scripts/report_generator.pyuse structured headers and tables but do not utilize specific delimiters to isolate potentially malicious text from the API.\n - Capability inventory: The skill has permissions to write local report files and perform data analysis calculations. It does not possess network-write capabilities for user data.\n
- Sanitization: The skill does not perform explicit sanitization or escaping of API-provided strings before including them in the generated reports.
Audit Metadata