theme-detector
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it requires the agent to ingest and process untrusted data from the web.
- Ingestion points: The agent is instructed to perform WebSearch queries for market themes and evaluate the findings to adjust confidence levels (SKILL.md, Step 4).
- Boundary markers: Absent. The instructions do not define delimiters or specific markers to separate external search content from the agent's internal reasoning.
- Capability inventory: The skill executes local Python scripts (
theme_detector.py) and writes files to thereports/directory. - Sanitization: Absent. External narrative data is evaluated directly by the model without filtering.
- [EXTERNAL_DOWNLOADS]: The skill intentionally fetches market data from established financial services.
- Fetches market and stock metrics from the Financial Modeling Prep (FMP) and FINVIZ APIs to populate theme scores.
- Downloads historical sector trend data in CSV format from a public GitHub repository (
tradermonty/uptrend-dashboard). - These network operations are strictly for data acquisition and are standard for the skill's purpose.
Audit Metadata