event-driven-detector
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of processing external market data. Evidence: 1. Ingestion points: Company events and market data ingested via views in 'references/data-queries.md'. 2. Boundary markers: Absent; no clear delimiters or instructions to ignore embedded commands in the data are provided. 3. Capability inventory: The skill can execute CLI commands and Python scripts ('SKILL.md'). 4. Sanitization: No evidence of validation or escaping for ingested market content.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute Python scripts ('views_runner.py') and other CLI commands from a sibling directory ('../findata-toolkit-cn/scripts/'), which means it runs code located outside its own audited package.
- [EXTERNAL_DOWNLOADS]: The setup instructions require installing Python dependencies from an external 'requirements.txt' file located in a different directory ('../findata-toolkit-cn/'), which involves downloading and installing third-party packages.
Audit Metadata