sentiment-reality-gap
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation includes instructions to execute local bash commands for environment activation and to run data retrieval scripts (e.g.,
views_runner.py) from a sibling directory (findata-toolkit-cn). These are intended operations for local data processing and environment management. - [EXTERNAL_DOWNLOADS]: The skill uses
pipto install dependencies from a local requirements file, which is a standard procedure for managing Python-based tool environments. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its core function of ingesting and analyzing unstructured market sentiment data from external social media and news platforms.
- Ingestion points: The workflow identifies 'Media/Sentiment' and social media platforms like 'Xueqiu' and 'Guba' as primary data inputs in
SKILL.mdandreferences/gap-analysis-methodology.md. - Boundary markers: The provided methodology and templates do not include specific delimiters or instructions to ignore embedded prompts within the ingested market data.
- Capability inventory: The skill is capable of executing local scripts and performing network requests through its associated data toolkit.
- Sanitization: The documentation does not describe explicit sanitization, validation, or filtering of external content, relying instead on the underlying agent's standard safety protocols.
Audit Metadata