equity-research-analyst

Fail

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides explicit instructions to persist sensitive environment variables by appending export commands to the user's shell configuration file. Evidence: references/tradings-api-docs/README.md contains the instruction echo 'export RAPIDAPI_KEY="your_key_here"' >> ~/.zshrc.
  • [REMOTE_CODE_EXECUTION]: The research workflow involves generating and executing Python code at runtime to create complex financial charts and dashboards. Evidence: references/initiating-coverage/task4-chart-generation.md contains detailed Python logic using matplotlib and seaborn intended for execution by the agent.
  • [DATA_EXFILTRATION]: The skill performs network requests to fetch market and company data from an external API service hosted on a third-party platform. Evidence: references/tradings-api.md and related workflow files define various endpoints on tradingview-data1.p.rapidapi.com for retrieving metrics via curl.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted external data (such as transcripts and SEC filings) while possessing significant file-writing and code execution capabilities. 1. Ingestion points: references/earnings-analysis/workflow.md (ingests earnings call transcripts and SEC filings). 2. Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands in the ingested data. 3. Capability inventory: The agent uses tools for file operations (DOCX skill, XLSX skill), Python execution, and network retrieval (curl). 4. Sanitization: Absent. The skill does not specify sanitization or validation of the retrieved external content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 19, 2026, 06:51 PM
Security Audit — agent-trust-hub — equity-research-analyst