portfolio-monitor-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to activate virtual environments and run analysis scripts. Evidence: references/data-queries.md includes commands like source ../../.venv/bin/activate and python ../findata-toolkit-cn/scripts/views_runner.py.
- [EXTERNAL_DOWNLOADS]: The skill triggers the installation of Python packages via pip, requiring network access. Evidence: references/data-queries.md contains python -m pip install -r ../findata-toolkit-cn/requirements.txt.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. Mandatory Evidence Chain: 1. Ingestion points: User-provided stock pools and external market data (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Python execution (references/data-queries.md). 4. Sanitization: Absent.
Audit Metadata