Skills
skills/jsoncodechina/wind-skills/wind-financial-data-skill/Gen Agent Trust Hub

wind-financial-data-skill

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill reads API keys from ~/.wind-aimarket/config and a local config.json file. This is documented as its intended mechanism for credential management.
  • [COMMAND_EXECUTION]: The cli.mjs script uses child_process.spawn to execute system commands (open, start, or xdg-open) to open the official Wind developer portal URL in the user's browser.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with https://mcp.wind.com.cn/ to fetch financial data. Wind is a well-known and established financial information provider.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes financial documents and news via RAG (Retrieval-Augmented Generation). While these external sources could theoretically contain adversarial text, the skill implements standard data retrieval for its stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 25, 2026, 09:08 AM
Security Audit — agent-trust-hub — wind-financial-data-skill