financial-analysis-stock-screening
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute a shell script (`bash run.sh`) using arguments generated during the workflow. While the script facilitates quantitative screening, executing shell commands with arguments derived from external sources creates a potential risk if those sources contain malicious shell metacharacters.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its data-handling workflow. It instructs the agent to ingest stock symbols and themes from live web search results and use them directly in subsequent command-line operations.
  - Ingestion points: External data from web search results (SKILL.md, Step 2).
  - Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore instructions embedded in the search results.
  - Capability inventory: Shell execution of local scripts via `bash` (run.sh and SKILL.md, Step 3).
  - Sanitization: Not present; the instructions do not mandate validation or sanitization of the symbols retrieved from the web before they are passed to the shell script.
Audit Metadata