financial-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python-based logic for technical and fundamental analysis. It uses standard libraries and does not employ unsafe methods like eval() or exec() on external inputs. Subprocess calls are limited to standard library interactions (e.g., via yfinance).
- [EXTERNAL_DOWNLOADS]: The skill connects to established financial data providers including Finnhub, Alpha Vantage, Polygon.io, and the SEC EDGAR system. It also fetches news from a wide variety of reputable financial outlets such as Nasdaq, CNBC, and MarketWatch. These downloads are essential for the skill's functionality.
- [CREDENTIALS_UNSAFE]: The skill manages API keys by storing them in a local configuration file (~/.financial-analysis/api_keys.json) or reading them from environment variables. There are no hardcoded secrets, and keys are only sent to the corresponding legitimate API endpoints.
- [PROMPT_INJECTION]: The skill processes untrusted content from RSS feeds and social media posts. This creates a surface for indirect prompt injection, but the risk is mitigated by the skill's data-focused nature: it extracts tickers and computes numeric sentiment scores rather than summarizing or acting on the text content without constraints.
- [SAFE]: Overall, the skill's code is transparent, well-documented, and behaves exactly as described in its documentation.