dividend-aristocrat-calculator
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to manage its environment and run analysis scripts. Evidence found in `references/data-queries.md` includes commands for activating a virtual environment and executing Python scripts such as `stock_data.py` and `sec_edgar.py` located in a sibling directory (`../findata-toolkit/`).
- [EXTERNAL_DOWNLOADS]: The skill configuration requires the agent to install Python dependencies from a local requirements file using `pip`, which involves fetching software packages from external registries like PyPI. This is documented in the setup instructions in `references/data-queries.md`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, potentially attacker-influenced sources such as SEC EDGAR filings.
  - Ingestion points: External financial data and SEC filings are fetched using the scripts listed in `references/data-queries.md`.
  - Boundary markers: The provided documentation does not specify the use of delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The skill has the capability to execute shell commands and perform file-based data processing through its associated toolkit.
  - Sanitization: No sanitization or validation logic is present in the provided files to filter malicious content from the ingested financial data.
Audit Metadata