hedge-fund-13f-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill retrieves data from public financial sources, including official government websites (SEC EDGAR) and well-known financial aggregators like dataroma.com and 13f.info. This activity is consistent with the skill's primary purpose of equity research.
- [COMMAND_EXECUTION]: The skill instructs the agent to persist its findings by writing a report to the local file system (e.g.,
stocks/13f-overlap.md). This is a legitimate use of file-system access for documenting research results. - [PROMPT_INJECTION]: The skill processes content from external websites, which introduces a surface for indirect prompt injection. However, the instructions explicitly guide the agent to extract specific structured data (tickers, share counts, market values) rather than executing arbitrary instructions found in the data, which significantly mitigates this risk.
Audit Metadata