volatility-regime-monitor
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes scripts from a sibling directory ('../findata-toolkit-cn/scripts/views_runner.py') using the python command as specified in 'references/data-queries.md'.
- [EXTERNAL_DOWNLOADS]: The skill performs package installation via pip using a requirements file located outside the skill's own directory ('../findata-toolkit-cn/requirements.txt').
- [CREDENTIALS_UNSAFE]: The skill documentation in 'references/data-queries.md' instructs users to set environment variables such as 'XUEQIU_TOKEN' to manage authentication for external financial data APIs, which may lead to credential exposure if the environment is not secured.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests financial data from external sources (East Money, Xueqiu) via the toolkit and processes it to generate analysis. There are no explicit boundary markers or sanitization logic mentioned to prevent data from these sources from influencing agent behavior.
Audit Metadata