Skills
skills/wentorai/research-plugins/finance-skills/Gen Agent Trust Hub

finance-skills

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads and installs the FinSight research framework from a public GitHub repository maintained by the RUC-NLPIR research lab.
  • [EXTERNAL_DOWNLOADS]: Recommends installing well-known financial data tools like akshare, yfinance, and fredapi from standard package registries.
  • [COMMAND_EXECUTION]: Provides shell commands for cloning repositories and installing Python dependencies using git and pip.
  • [DATA_EXFILTRATION]: Accesses public financial data sources such as Yahoo Finance, FRED, and SEC EDGAR. These connections are fundamental to the skill's purpose and follow best practices for secret management by using environment variables for API keys.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface in the FinSight research agent, which processes data from external sources including news feeds and company filings.
  • Ingestion points: Financial news APIs, SEC filings, and macroeconomic data sources.
  • Boundary markers: None explicitly defined in the instructions.
  • Capability inventory: Report generation with file-write operations and multi-agent network retrieval.
  • Sanitization: No specific input sanitization or verification logic is provided in the skill configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 02:32 AM