valuation-regime-detector
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute Python scripts (e.g.,
views_runner.py) from a relative path (../findata-toolkit-cn/scripts/) to perform financial data queries.\n- [EXTERNAL_DOWNLOADS]: The skill performs automated package installation viapipfrom a requirements file located in a sibling directory outside the skill's local scope.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and summarizes external financial data from third-party sources.\n - Ingestion points: External financial metrics (PE, PB, GDP) fetched via
views_runner.py(AKShare data).\n - Boundary markers: None identified in the instructional content.\n
- Capability inventory: Shell command execution (Python script execution).\n
- Sanitization: No specific sanitization or validation of the retrieved financial data is described prior to summarization.
Audit Metadata