equity-research-analyst
Fail
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides explicit instructions to persist sensitive environment variables by appending export commands to the user's shell configuration file. Evidence:
references/tradings-api-docs/README.mdcontains the instructionecho 'export RAPIDAPI_KEY="your_key_here"' >> ~/.zshrc. - [REMOTE_CODE_EXECUTION]: The research workflow involves generating and executing Python code at runtime to create complex financial charts and dashboards. Evidence:
references/initiating-coverage/task4-chart-generation.mdcontains detailed Python logic usingmatplotlibandseabornintended for execution by the agent. - [DATA_EXFILTRATION]: The skill performs network requests to fetch market and company data from an external API service hosted on a third-party platform. Evidence:
references/tradings-api.mdand related workflow files define various endpoints ontradingview-data1.p.rapidapi.comfor retrieving metrics viacurl. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted external data (such as transcripts and SEC filings) while possessing significant file-writing and code execution capabilities. 1. Ingestion points:
references/earnings-analysis/workflow.md(ingests earnings call transcripts and SEC filings). 2. Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands in the ingested data. 3. Capability inventory: The agent uses tools for file operations (DOCX skill,XLSX skill), Python execution, and network retrieval (curl). 4. Sanitization: Absent. The skill does not specify sanitization or validation of the retrieved external content.
Recommendations
- AI detected serious security threats
Audit Metadata