st-delist-risk-scanner
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python scripts and activates environments from directories outside its own skill folder, which is a risk if the surrounding workspace is not verified.
  - Evidence: SKILL.md and references/data-queries.md instruct the agent to run 'python ../findata-toolkit-cn/scripts/views_runner.py'.
  - Evidence: The skill requires activating a virtual environment from a parent directory using 'source ../../.venv/bin/activate'.
- [EXTERNAL_DOWNLOADS]: The skill triggers package installations from a local requirements file located in a sibling directory.
  - Evidence: references/data-queries.md includes 'python -m pip install -r ../findata-toolkit-cn/requirements.txt'.
- [PROMPT_INJECTION]: Indirect prompt injection risk exists because the skill processes financial data retrieved from external platforms like EastMoney and Baidu.
  - Ingestion points: Data is fetched via AKShare tools for risk warning boards and trade notifications as described in references/data-queries.md.
  - Boundary markers: No explicit delimiters or safety instructions are provided to help the agent distinguish between data and embedded commands.
  - Capability inventory: The skill has the ability to execute shell commands and install packages.
  - Sanitization: There is no evidence of input validation or content filtering for the data retrieved from external financial URLs.