aipa-analyze
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install or run the `aipa-cli` package from PyPI using `uvx` or `pip`. These are standard package management operations but involve downloading external code.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing shell commands (`aipa-cli`, `uvx`, `pip`).
- [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: The `aipa analyze` command fetches ticker data and news/events research from external web sources as described in the 'News & Events Research' template in `SKILL.md`.
  - Boundary markers: The documentation does not specify the use of delimiters or boundary markers to separate fetched web content from agent instructions.
  - Capability inventory: The agent has the capability to execute shell commands via the `aipa` CLI across various subcommands.
  - Sanitization: There is no evidence of sanitization or filtering of the external data fetched during the research process before it is presented to the model.
Audit Metadata