longbridge-northbound-flow
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill utilizes the 'longbridge' command-line tool and MCP resources provided by the same vendor to fetch financial data. No malicious behavior or safety guideline violations were detected.
- [COMMAND_EXECUTION]: The skill uses shell commands (e.g.,
longbridge capital,longbridge ah-premium) to retrieve stock market information. These are legitimate uses of the vendor's own infrastructure and are executed with the user's expected context. - [EXTERNAL_DOWNLOADS]: Refers users to 'hkex.com.hk' for official market data. This is a well-known, authoritative financial source and is treated as safe.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external APIs via the CLI. While this represents a theoretical attack surface common to all data-ingesting tools, the use of structured JSON output and the specific financial context minimizes the risk of malicious instruction injection.
Audit Metadata