pywencai

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the pywencai library from the Python Package Index (PyPI) and references a public repository on GitHub.
  • [COMMAND_EXECUTION]: Provides instructions for the user to execute shell commands to install and upgrade dependencies using pip.
  • [CREDENTIALS_UNSAFE]: Manages sensitive session cookies required for API authentication. The skill explicitly guides users to manage these via environment variables (WENCAI_COOKIE) or local files, which is a secure alternative to hardcoding.
  • [DYNAMIC_EXECUTION]: The pywencai library requires a Node.js environment to execute JavaScript code at runtime, which is used to generate the necessary security tokens for the Wencai platform.
  • [PROMPT_INJECTION]: The skill ingests natural language query results from an external web service and provides the capability to write this data to the local file system (Excel).
      • Ingestion points: External data retrieved from iwencai.com via the pywencai.get function.
      • Boundary markers: Absent; data from the external source is processed as structured objects without explicit delimiters.
      • Capability inventory: Local file system write access via pandas.ExcelWriter in provided examples.
      • Sanitization: No specific sanitization or validation of the API response data is implemented before file output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 02:18 AM