longbridge-financial-checkup
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
longbridgeCLI tool to fetch financial data in JSON format for analysis. This is limited to fetching three-statement financials and operating metrics via specific subcommands. - [EXTERNAL_DOWNLOADS]: The skill references a vendor-specific MCP endpoint at
https://openapi.longbridge.com/mcpas a fallback for data retrieval. This URL belongs to the skill author's infrastructure and is used for its intended purpose of data retrieval. - [PROMPT_INJECTION]: The skill processes external financial data (JSON) retrieved from an API.
- Ingestion points: Data returned from
longbridge financial-reportandlongbridge operatingcommands. - Boundary markers: The skill does not explicitly define delimiters for the ingested data.
- Capability inventory: No file-writing capabilities, general network access (outside of defined tools), or arbitrary code execution capabilities are present.
- Sanitization: The skill assumes the data returned from the official API is structured and does not include sanitization logic for the JSON content.
- [SAFE]: No evidence of malicious behavior, credential exfiltration, obfuscation, or persistence mechanisms was found. The skill operates within its stated purpose of financial analysis using vendor-provided data tools.
Audit Metadata