finance-news

Fail

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The news command in the scripts/finance-news bash script is vulnerable to command injection. It takes a user-supplied ticker symbol and interpolates it directly into a Python snippet executed via python3 -c. A symbol like AAPL'); import os; os.system('id')# would break out of the string literal and execute arbitrary shell commands.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from various financial RSS feeds (headlines and descriptions) and incorporates them into prompts for LLM-based summarization and research. Because the skill has the capability to send messages to WhatsApp/Telegram and execute local commands via subprocess, it is a viable target for indirect prompt injection attacks despite the presence of a hardened system prompt.
  • [COMMAND_EXECUTION]: Multiple scripts including scripts/summarize.py, scripts/research.py, and scripts/briefing.py make extensive use of subprocess.run to call external CLI tools such as ollama, agy, openclaw, and openbb-quote.
  • [COMMAND_EXECUTION]: The scripts/openbb-quote utility performs dynamic code execution by constructing a Python script as a string and piping it into a Python interpreter via stdin.
  • [SAFE]: Credentials such as FINNHUB_API_KEY and KIMI_API_KEY are managed through environment variables or local .env files, which is consistent with secure development practices for this platform.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 12, 2026, 04:12 AM
Security Audit — agent-trust-hub — finance-news