hk-southbound-flow
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or hardcoded credentials were detected in the skill files.
- [COMMAND_EXECUTION]: The documentation references the execution of a Python script (scripts/southbound_flow.py) to perform data analysis and generate reports.
- [NO_CODE]: The skill references a functional script in its usage instructions, but the file was not included in the provided package.
- [PROMPT_INJECTION]: The skill processes data from external financial sources, representing a potential surface for indirect prompt injection. Ingestion points: HKEX, SSE, and SZSE data sources mentioned in SKILL.md and methodology.md. Boundary markers: None identified in the prompt structure. Capability inventory: Execution of local Python scripts for data processing and output generation. Sanitization: No specific data validation or sanitization logic is described in the methodology.
Audit Metadata