goodwill-risk-monitor

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands to activate a virtual environment and run Python scripts from a path outside the skill directory. Evidence: File 'references/data-queries.md' contains 'source ../../.venv/bin/activate' and 'python ../findata-toolkit-cn/scripts/views_runner.py'.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the installation of Python dependencies from an external requirements file, which involves fetching packages from the Python Package Index (PyPI). Evidence: File 'references/data-queries.md' contains 'python -m pip install -r ../findata-toolkit-cn/requirements.txt'.
  • [DATA_EXFILTRATION]: The skill uses the 'XUEQIU_TOKEN' environment variable for authenticated data fetching. While this is a standard API pattern for the vendor's intended functionality, it involves the handling of sensitive credentials for network-based data retrieval.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 03:23 AM