investment-analysis

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads multiple CSV data files and news summaries from a remote server that is not a recognized trusted vendor or service.
      • Evidence: scripts/update-data.sh uses curl to fetch files from https://zxuuu.link/longterm-agu/data.
  • [COMMAND_EXECUTION]: The skill instructions require the agent to execute shell scripts directly to update and verify data, which increases the attack surface for local command injection or environment manipulation.
      • Evidence: SKILL.md mandates running scripts/update-data.sh and scripts/check-data.sh.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes news data summaries from an untrusted external source without sanitization or strict boundary markers.
      • Ingestion points: assets/data/news_breakfast.csv (read in the 'Step 4: 消息面分析' section of SKILL.md).
      • Boundary markers: None identified in the skill instructions to prevent the agent from following instructions embedded in the news data.
      • Capability inventory: The skill has the ability to execute shell scripts and write files to the ./reports/ directory.
      • Sanitization: No sanitization or validation of the downloaded news content is performed before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 06:01 PM