portfolio-alert-narrator
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official Aliyun MCP data services (dashscope.aliyuncs.com) to fetch financial information, such as fund NAV history and announcements. This interaction is consistent with the stated purpose of the skill and the author's identity (aliyun).
- [SAFE]: No obfuscation, hardcoded credentials, or unauthorized local file system access were identified.
- [SAFE]: The skill processes external data (fund announcements and stock news) which constitutes an indirect prompt injection surface. However, this is a standard feature for financial analysis and the skill is limited to safe tool invocations. 1. Ingestion points: SKILL.md (via tools GetAnnouncementContent and StockNewslist). 2. Boundary markers: Absent. 3. Capability inventory: Restricted to analytical MCP tools. 4. Sanitization: Not specified.
Audit Metadata