investoday-finance-data
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: API Key Management. The skill correctly manages sensitive credentials by encouraging the use of environment variables and .env files. The call_api.py script includes logic to redact the API key from any error messages to prevent accidental exposure in logs.
- [SAFE]: Network Communication. The skill exclusively communicates with the vendor's domain (data-api.investoday.net), which is the official endpoint for the financial data service.
- [SAFE]: Indirect Prompt Injection Surface. The skill fetches financial news and announcements. Ingestion points: call_api.py fetches data from the InvestToday API. Boundary markers: No explicit delimiters in prompts. Capability inventory: Network access only; no dynamic execution (eval/exec) or file-system writing capabilities found. Sanitization: Standard for financial data retrieval. No malicious patterns detected.
Audit Metadata