disclosure-notice-monitor

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Python scripts and shell commands to manage its environment and fetch data. It activates a virtual environment and runs a data fetching script located in a sibling directory (../findata-toolkit-cn/scripts/views_runner.py).
  • [EXTERNAL_DOWNLOADS]: The skill installs Python dependencies via pip install from a requirements file located in a sibling directory (../findata-toolkit-cn/requirements.txt). This is a standard procedure for the vendor's toolkit and does not involve untrusted remote execution scripts like curl | bash.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8). It ingests untrusted data from external financial sources (e.g., AKShare, Cninfo) to analyze corporate announcements.
    • Ingestion points: Data is pulled from external financial APIs and web sources via the views_runner.py script as defined in references/data-queries.md.
    • Boundary markers: The skill uses a structured analytical framework defined in references/methodology.md, but lacks explicit delimiters or instructions to ignore embedded prompts within the processed announcement text.
    • Capability inventory: The skill can execute subprocesses (python) and read/write to a local cache directory (/tmp/finskills-cache).
    • Sanitization: No explicit sanitization or filtering of external announcement content is mentioned before it is processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:23 AM