akshare
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is properly scoped to fetching financial data. All scripts are transparent wrappers around the 'akshare' library and do not attempt any unauthorized system access or perform hidden operations.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive data exposure or exfiltration risks were identified. The skill does not access private files (e.g., .ssh, .aws) or environment variables and explicitly states that no API keys are required for operation.
- [PROMPT_INJECTION]: Analysis of the markdown instructions and script comments found no attempts to bypass safety filters, extract system prompts, or override agent behavior.
- [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface from external financial sources. However, the risk is minimal as the data processed consists of structured numeric and temporal records (OHLCV, volume, dates).
- Ingestion points: Scripts in the
scripts/folder call AKShare APIs which fetch data from various financial web services (e.g., EastMoney, Sina, Binance). - Boundary markers: The scripts return data as structured JSON objects, facilitating safe parsing by the agent.
- Capability inventory: Subprocess calls are limited to the agent executing the provided Python scripts for the purpose of data retrieval.
- Sanitization: The skill relies on the 'akshare' and 'pandas' libraries to parse raw web data into structured types before being presented to the agent.
Audit Metadata