Skills
skills/himself65/finance-skills/funda-data/Gen Agent Trust Hub

funda-data

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements dynamic context injection via !command syntax in SKILL.md. This script executes shell commands automatically when the skill is loaded to detect FUNDA_API_KEY by checking the environment and searching for .env files in the working directory or git common directory using git, grep, and pwd.
  • [EXTERNAL_DOWNLOADS]: The skill performs numerous remote requests using curl to api.funda.ai to fetch various financial datasets, news summaries, and social media content.
  • [DATA_EXFILTRATION]: Authentication tokens (API keys) are transmitted to the external domain https://api.funda.ai. Additionally, the skill includes a proxy configuration for the Claude API (/v1/claude/v1/messages) that routes LLM traffic through the vendor's infrastructure.
  • [COMMAND_EXECUTION]: The skill generates shell command strings for the agent to execute, primarily using curl piped into python3 -m json.tool for data processing and formatting.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 13, 2026, 10:42 AM