findata-toolkit-hk
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run various Python scripts (e.g., scripts/hk_stock_data.py, scripts/southbound_flow.py) from the local scripts directory to fetch and process market data.
- [EXTERNAL_DOWNLOADS]: The skill references a requirements.txt file for managing Python dependencies during installation.
- [EXTERNAL_DOWNLOADS]: The toolkit connects to well-known and reputable financial services, specifically the Hong Kong Stock Exchange (hkex.com.hk), to retrieve real-time data.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection due to data ingestion from external web sources. 1. Ingestion points: Market and financial data fetched from HKEX and HKMA (via scripts/). 2. Boundary markers: No delimiters or ignore instructions are specified for external data. 3. Capability inventory: Local command execution for data display and JSON output. 4. Sanitization: No explicit validation or sanitization of remote data is mentioned in the documentation.
Audit Metadata