Skills
skills/longbridge/skills/longbridge-insresearch/Gen Agent Trust Hub

longbridge-insresearch

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines workflows that execute the longbridge command-line tool (e.g., longbridge institution-rating, longbridge consensus, and longbridge forecast-eps) to retrieve financial data in JSON format.
  • [PROMPT_INJECTION]: The skill identifies a potential attack surface for indirect prompt injection by interpolating user-provided stock symbols into shell commands.
  • Ingestion points: Untrusted user input enters the execution context through the <SYMBOL> placeholder in the CLI command templates defined in SKILL.md.
  • Boundary markers: Absent. There are no explicit delimiters used to separate the user-provided symbol from the command structure, although the skill instructs the agent to "Normalise the symbol" first.
  • Capability inventory: The skill possesses the capability to execute shell commands via the longbridge CLI.
  • Sanitization: The workflow includes a step to "Normalise the symbol to <CODE>.<MARKET>", which acts as a validation step to ensure the input conforms to expected stock symbol formats before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 04:42 AM