market-event-interpreter
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill integrates with Aliyun DashScope MCP services (
dashscope.aliyuncs.com) to retrieve market insights and news. These are official endpoints associated with the vendor and represent standard data-fetching operations for a financial analysis tool. - [SAFE]: No evidence of prompt injection, credential harvesting, or persistence mechanisms was found. The skill's operations are limited to data retrieval through defined tools and text generation based on structured templates.
- [SAFE]: While the skill ingests external financial data (indirect ingestion surface), it lacks dangerous execution capabilities (sinks) such as shell access or file system writes, making the risk of indirect prompt injection negligible.
- Ingestion points: External news (
SearchFinancialNews), AI analysis (searchRealtimeAiAnalysis), and policy data (PolicyMeetingsList) are ingested into the prompt context. - Boundary markers: The skill uses a structured output template and distinct execution steps to separate data gathering from generation.
- Capability inventory: The skill only has read access to financial tools and does not have access to sensitive local files or arbitrary command execution.
- Sanitization: The skill relies on the underlying platform's MCP security model for tool access control.
Audit Metadata