stock-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python implementation uses
subprocess.check_outputto run a local authentication helper at/home/user/.local/bin/rebyte-auth. This is an expected behavior for managing credentials within the vendor's environment. - [EXTERNAL_DOWNLOADS]: The skill utilizes the
edgartoolsandrequestslibraries to fetch financial data from external sources. - [DATA_EXFILTRATION]: The skill reads a local configuration file at
/home/user/.rebyte.ai/auth.jsonto obtain the necessary endpoint URLs for its API requests. - [PROMPT_INJECTION]: The skill processes external content from news articles and SEC filings, creating an indirect prompt injection surface. 1. Ingestion points: Market news API and SEC EDGAR filing text. 2. Boundary markers: Not explicitly used in the provided prompts. 3. Capability inventory: Includes subprocess execution, file system access for auth, and network requests. 4. Sanitization: No specific filtering or escaping of the ingested financial text is described.
Audit Metadata