longbridge-corporate-events

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the longbridge CLI tool (subcommands: news, filing, corp-action, shareholder, finance-calendar) to retrieve financial data. These are vendor-specific resources originating from the skill's author ('longbridge').
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external content such as corporate filings, news, and regulatory announcements. This data represents an attack surface where third-party text could attempt to influence the agent's sentiment analysis or event classification.
  • Ingestion points: Data enters the context via longbridge news, longbridge filing, and longbridge corp-action commands.
  • Boundary markers: The instructions request JSON format from tools but do not define explicit delimiters (like XML tags) to separate untrusted data from the agent's internal instructions.
  • Capability inventory: The skill is confined to data retrieval and analysis; it does not possess capabilities for file-system modification or arbitrary network requests.
  • Sanitization: There is no explicit sanitization or filtering logic applied to the external text before it is classified by the model.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 12:26 PM
Security Audit — agent-trust-hub — longbridge-corporate-events