concept-board-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts from a sibling directory (../findata-toolkit-cn/scripts/views_runner.py) to retrieve financial data.
  • [EXTERNAL_DOWNLOADS]: Dependencies are managed via a local requirements file (../findata-toolkit-cn/requirements.txt) as part of the environment setup.
  • [CREDENTIALS_UNSAFE]: The skill utilizes the XUEQIU_TOKEN environment variable for authenticated data access, which is a standard security practice.
  • [PROMPT_INJECTION]: The skill processes financial market data and news, representing a theoretical surface for indirect prompt injection.
      • Ingestion points: market data fetched in references/data-queries.md.
      • Boundary markers: Absent.
      • Capability inventory: Python script execution via subprocess.
      • Sanitization: Absent.
    This risk is inherent to the skill's primary purpose and mitigated by its structured analytical persona.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:24 AM