Skills
skills/okikusan-public/stock_skills/screen-stocks/Gen Agent Trust Hub

screen-stocks

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external financial and social APIs, which presents a surface for indirect prompt injection attacks.\n
  • Ingestion points: External data is fetched from Yahoo Finance and the Grok API in scripts/run_screen.py and subsequently displayed to the agent.\n
  • Boundary markers: The skill's output does not use explicit boundary markers or instructions to isolate external data from the agent's core instructions.\n
  • Capability inventory: The skill is authorized to use the Bash tool to execute Python scripts, providing a potential path for exploitation if the agent is misled by injected instructions.\n
  • Sanitization: No sanitization or filtering of the API responses is performed in the entry point script to remove potential malicious instruction patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 25, 2026, 11:42 AM