shareholder-structure-monitor
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute Python scripts from a relative path (
../findata-toolkit-cn/scripts/views_runner.py) that is outside the skill's directory. This allows for the execution of code not contained within the audited package. - [EXTERNAL_DOWNLOADS]: The skill performs environment setup by running
pip installon a requirements file located in a parent directory (../findata-toolkit-cn/requirements.txt), which involves downloading and installing unverified third-party dependencies. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external data.
- Ingestion points: Aggregates data from multiple third-party financial platforms (EastMoney, Sina, THS, SSE, SZSE, BSE, CNINFO) and processes user-provided tables or screenshots (SKILL.md, references/data-queries.md).
- Boundary markers: Absent. The logic does not specify delimiters or instructions to ignore embedded commands in the retrieved data.
- Capability inventory: The skill has the ability to execute shell commands and Python scripts as part of its data retrieval workflow.
- Sanitization: No validation or sanitization of the external data is performed before it is processed by the agent.
Audit Metadata