finviz-screener
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `subprocess.run` to open the system's browser with the constructed FinViz URL. Analysis of `scripts/open_finviz_screener.py` confirms that commands are executed using argument lists rather than shell strings, and all inputs are strictly validated against allow-list regular expressions (`_TOKEN_RE`, `_SLUG_RE`, `_ORDER_RE`) and URL-encoded. This effectively mitigates command and URL injection risks.
- [EXTERNAL_DOWNLOADS]: The skill does not download or execute remote code. It relies exclusively on the standard Python library and local scripts provided in the skill package.
- [CREDENTIALS_UNSAFE]: The skill accesses the `$FINVIZ_API_KEY` environment variable to determine if it should use the 'Elite' version of the FinViz domain. This is a standard and secure practice for handling user-managed secrets without hardcoding or exfiltrating them.
Audit Metadata