finance-news
Fail
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
newscommand in thescripts/finance-newsbash script is vulnerable to command injection. It takes a user-supplied ticker symbol and interpolates it directly into a Python snippet executed viapython3 -c. A symbol likeAAPL'); import os; os.system('id')#would break out of the string literal and execute arbitrary shell commands. - [PROMPT_INJECTION]: The skill ingests untrusted content from various financial RSS feeds (headlines and descriptions) and incorporates them into prompts for LLM-based summarization and research. Because the skill has the capability to send messages to WhatsApp/Telegram and execute local commands via
subprocess, it is a viable target for indirect prompt injection attacks despite the presence of a hardened system prompt. - [COMMAND_EXECUTION]: Multiple scripts including
scripts/summarize.py,scripts/research.py, andscripts/briefing.pymake extensive use ofsubprocess.runto call external CLI tools such asollama,agy,openclaw, andopenbb-quote. - [COMMAND_EXECUTION]: The
scripts/openbb-quoteutility performs dynamic code execution by constructing a Python script as a string and piping it into a Python interpreter via stdin. - [SAFE]: Credentials such as
FINNHUB_API_KEYandKIMI_API_KEYare managed through environment variables or local.envfiles, which is consistent with secure development practices for this platform.
Recommendations
- AI detected serious security threats
Audit Metadata