block-deal-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external Python scripts located in a sibling directory (e.g.,
python ../findata-toolkit-cn/scripts/views_runner.py) to perform data aggregation and analysis tasks. This capability allows the agent to run arbitrary logic defined in those external files. - [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install dependencies from a local requirements file (
pip install -r ../findata-toolkit-cn/requirements.txt) which leads to the download and installation of packages from public registries. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion pipeline. 1. Ingestion points: Untrusted financial data is fetched from sources like AKShare and EastMoney via the
views_runner.pyscript and presented to the agent. 2. Boundary markers: The instructions lack explicit delimiters or safety markers to differentiate between data and instructions. 3. Capability inventory: The skill has access to command line execution to fetch and process data. 4. Sanitization: There is no evidence of data sanitization or validation before the content is included in the agent's context.
Audit Metadata