market-sizing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest data from multiple external sources (AkShare, FRED, yfinance, World Bank, etc.) to populate analysis reports. This creates an attack surface for indirect prompt injection where malicious content within external data fields could attempt to influence the agent's reasoning or the content of the generated reports.
- Information Disclosure (LOW): Multiple scripts, including
scripts/fill_aviation_data.pyandscripts/generate_cat_food_excel.py, contain hardcoded absolute Windows file paths (e.g.,C:\Users\lenovo\...). This reveals information about the developer's local system environment and username. - External Dependencies (LOW): The skill relies on a wide array of third-party Python libraries for data retrieval and report generation. Although these are reputable data science packages, the reliance on external endpoints for core functionality introduces a supply chain risk that requires monitoring of package versions and data integrity.
Audit Metadata