fund-deep-research

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes official Alibaba Cloud (DashScope) MCP endpoints (dashscope.aliyuncs.com) to fetch financial and fund manager data, which aligns with the skill's stated purpose and vendor attribution.
  • [SAFE]: External data ingestion occurs through financial information tools such as BatchGetFundsDetail and FundManagerInfoReport. (1) Ingestion points: MCP tool outputs from qieman and gildata-aidata. (2) Boundary markers: Absent. (3) Capability inventory: Text analysis and data visualization via RenderEchart. (4) Sanitization: Not explicitly defined. While boundary markers are absent, the data source is a managed enterprise API service, limiting the risk of indirect prompt injection.
  • [SAFE]: Visualizations are generated using a dedicated rendering tool with structured JSON inputs, preventing arbitrary code execution and maintaining clear separation between data and presentation logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:38 AM
Security Audit — agent-trust-hub — fund-deep-research