aipa-data

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the aipa CLI tool and package managers such as uv or pip to fetch market data and manage the environment.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of the aipa-cli package from the Python Package Index (PyPI) through installation commands or the uvx runtime.
  • [REMOTE_CODE_EXECUTION]: By utilizing uvx aipa-cli or pip install, the skill executes code retrieved from a remote registry. This is the intended delivery mechanism for the author's financial analysis tools.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes financial market data from external sources (S3 archives) that could potentially be manipulated.
    • Ingestion points: Data returned from aipa get-ohlcv-data, aipa performers, and other CLI commands in SKILL.md.
    • Boundary markers: Absent; there are no specific instructions for the agent to encapsulate or sanitize the data retrieved from the CLI.
    • Capability inventory: The skill allows shell command execution and environment modification (via pip and uvx).
    • Sanitization: Absent; the agent is instructed to present raw market data as fetched.
Audit Metadata
Risk Level: SAFE
Analyzed: May 29, 2026, 02:30 AM