hk-concentration-risk

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation describes the usage of a local Python script scripts/concentration_risk.py with various command-line arguments for monitoring, metrics, and optimization (e.g., --monitor, --metrics, --optimize). This is standard functionality for the described financial analysis tool.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external data sources such as portfolio holding data, market data, and risk factor data.
      • Ingestion points: Data enters the context via the scripts/concentration_risk.py script as specified in the '数据源' (Data Sources) section of SKILL.md.
      • Boundary markers: None are explicitly defined in the provided documentation to distinguish between instructions and ingested data.
      • Capability inventory: The script performs data analysis, risk calculation, and generates reports in table and JSON formats.
      • Sanitization: Not visible in the provided documentation; analysis is based on the functional description.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 03:23 AM