tushare-finance
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design, as it ingests untrusted text data from external financial sources into the agent's context.
  - Ingestion points: Data returned from Tushare API endpoints such as financial news (news), company announcements (anns_d), and interactive investor Q&A platforms (irm_qa_sh, irm_qa_sz), as documented in multiple reference files (e.g., 'reference/接口文档/新闻快讯(短讯).md', 'reference/接口文档/上证e互动问答.md').
  - Boundary markers: Absent. The skill instructions do not specify delimiters or instructions to ignore embedded commands within the fetched data.
  - Capability inventory: The skill has access to Bash(python:*) and Read tools, allowing the execution of Python code which could be influenced by injected instructions.
  - Sanitization: Absent. No explicit filtering or validation of the external text content is performed before processing.
Audit Metadata