tushare-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill provides clear instructional metadata for tool usage. No attempts to override agent constraints or bypass safety protocols were identified. Instructions are focused on data retrieval and storage management.
- [DATA_EXFILTRATION]: Network operations are restricted to the official Tushare API (api.tushare.pro) for fetching financial data requested by the user. No sensitive local files (like SSH keys or AWS credentials) are accessed or transmitted externally.
- [CREDENTIALS_UNSAFE]: Authentication is correctly handled through the TUSHARE_API_KEY environment variable. No hardcoded secrets or API tokens were found in the codebase or configuration examples.
- [REMOTE_CODE_EXECUTION]: The skill relies on standard Python packages (pandas, tushare, fastmcp). No patterns of remote script execution or unsafe use of eval/exec on untrusted input were detected.
- [COMMAND_EXECUTION]: No arbitrary command execution vectors were found. System interactions are limited to standard network requests and local SQLite database persistence for caching financial data.
Audit Metadata