financial-deep-research
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions under the "AUTONOMY PRINCIPLE" and "Clarify" sections that direct the agent to proceed independently and avoid asking for user confirmation or clarification. This pattern attempts to override standard agent-user interaction guardrails to maximize autonomy.
- [COMMAND_EXECUTION]: The workflow relies on executing local Python scripts (
research_engine.py,validate_report.py,citation_manager.py,source_evaluator.py,verify_citations.py,md_to_html.py,verify_html.py) to manage the orchestration, validation, and packaging of financial reports. These scripts use the Python standard library to perform file operations and data parsing. - [EXTERNAL_DOWNLOADS]: The citation verification script (
verify_citations.py) performs network requests usingurllib.requesttosec.govanddoi.orgto verify the authenticity of financial filings and research papers. It also performs network connectivity checks on arbitrary URLs gathered from web search results during the research phases.
Audit Metadata