stress-test
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a localized Python script (
run_stress_test.py) to process financial data. User-supplied arguments such as portfolio symbols and scenarios are interpolated into the command line for the script's execution. - [EXTERNAL_DOWNLOADS]: The script fetches public market data, including price history and fundamental stock information, through a Yahoo Finance client. This is a legitimate functional requirement for the skill's purpose and uses established financial data sources.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes external data from market APIs and presents it to the AI for qualitative interpretation. While malicious metadata in a data provider's response could theoretically attempt to influence the final report, the risk is mitigated by the structured nature of the data processing and the use of markdown headers as boundary markers.
Audit Metadata