stock-analyst

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform a complex sequence of system operations: creating HTML files in D:\Downloads\, starting a local Python HTTP server, and automating a web browser to generate PDFs. This requires the agent to execute shell commands and interact with system services, which significantly expands the attack surface.
  • [EXTERNAL_DOWNLOADS]: The agent is directed to use web_search and web_fetch to gather data from external financial websites such as East Money, Flush, and Sina Finance. This introduces untrusted external data into the agent's context.
  • [DATA_EXFILTRATION]: Starting a local HTTP server on a user's machine creates a risk of local data exposure. If the server is not strictly bound to the loopback interface or if the agent environment has network vulnerabilities, local files in the served directory could be accessed by other entities on the network.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface:
      • Ingestion points: External data retrieved via web_search and web_fetch from various financial news and data portals.
      • Boundary markers: None provided in the prompt to separate analysis instructions from the data being processed.
      • Capability inventory: The skill has significant capabilities including file system write access to D:\Downloads\, the ability to start network servers (Python HTTP server), and browser automation.
      • Sanitization: No explicit sanitization or validation of the fetched web content is defined before it is used to generate reports or influence system commands.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 01:02 AM