margin-risk-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform shell operations including activating a Python virtual environment (
source ../../.venv/bin/activate) and running data processing scripts (python ../findata-toolkit-cn/scripts/views_runner.py). This behavior is integral to the skill's purpose of financial data analysis. - [EXTERNAL_DOWNLOADS]: The skill uses
pip install -r ../findata-toolkit-cn/requirements.txtto install necessary Python dependencies. This involves fetching packages from external registries like PyPI. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion workflow.
- Ingestion points: User-provided data from third-party platforms, exports, or copied tables (identified in Step 2 of
SKILL.md). - Boundary markers: None identified. The instructions do not define delimiters for user data or specify that the agent should ignore instructions embedded within the data.
- Capability inventory: Subprocess execution via Python scripts, shell command execution, and file system access for script execution.
- Sanitization: The skill lacks explicit sanitization or validation logic for the external data before it is parsed and processed by the agent.
Audit Metadata