investment-memo-generator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and analyze untrusted external data from public sources (e.g., A-share company announcements and financial news).
- Ingestion points: Data is ingested through tools like `stock_notice_report`, `stock_individual_info_em`, and `stock_zh_a_hist` as described in `references/methodology.md`.
- Boundary markers: Absent. The instructions do not specify any delimiters or safety prompts to prevent the agent from following malicious instructions hidden within the ingested financial data.
- Capability inventory: The skill can execute local Python scripts and shell commands to process data, as defined in `references/data-queries.md`.
- Sanitization: Absent. No evidence of input validation or sanitization for external data content is provided.
- [COMMAND_EXECUTION]: The skill instructions involve the execution of shell commands and Python scripts located in sibling directories.
- Evidence: `references/data-queries.md` instructs the agent to activate a virtual environment (`source ../../.venv/bin/activate`) and execute a runner script (`python ../findata-toolkit-cn/scripts/views_runner.py`). These scripts are part of the `findata-toolkit-cn` resource, which is associated with the author's workflow.
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of external dependencies during its environment setup.
- Evidence: In `references/data-queries.md`, the command `python -m pip install -r ../findata-toolkit-cn/requirements.txt` is used to install Python packages. While these dependencies are for the vendor's own toolkit, they are pulled from public registries at runtime.
Audit Metadata