investment-validator
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Prompt Injection (LOW): The skill exhibits a vulnerability surface for indirect prompt injection (Category 8) as it is designed to ingest financial data from various external APIs and web sources. If these sources were compromised, they could potentially influence the agent's behavior.
  - Ingestion points: External financial data retrieved from Finnhub, Alpha Vantage, Financial Modeling Prep APIs, and web search results from Yahoo Finance, Google Finance, and SEC EDGAR.
  - Boundary markers: Absent. The provided markdown templates for price and financial validation do not include delimiters or instructions to treat external content as untrusted data.
  - Capability inventory: None. The skill consists entirely of markdown instructions (SKILL.md) and contains no scripts, binaries, or tools.
  - Sanitization: Absent. There are no instructions for the agent to sanitize, escape, or filter the content retrieved from external sources.
- No Code (SAFE): The skill contains only instructional markdown and templates. No executable files, scripts, or binary dependencies were detected, eliminating risks associated with direct command execution, malicious packages, or remote code execution.