rq-thesis-tracker

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and renders untrusted content from external sources.
      • Ingestion points: Untrusted data enters the agent context through web_search_findings.json (populated via web searches) and user-supplied thesis_definition.json.
      • Boundary markers: The skill uses a template system (assets/template.md) with [[TOKEN]] delimiters to interpolate data fields during the report generation process.
      • Capability inventory: The skill is capable of file system writes, executing the vendor's rqdata CLI, and running shell commands for HTML rendering.
      • Sanitization: The processing script scripts/generate_report.py applies basic whitespace normalization but does not perform character escaping or validation to prevent Markdown or HTML injection within the ingested content.
  • [COMMAND_EXECUTION]: The script scripts/generate_report.py utilizes subprocess.run to invoke report rendering utilities like rq-report-renderer. These calls are performed with controlled arguments derived from internal file paths and vendor tool paths.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves financial data through the rqdata CLI and gathers market context via the web_search tool. These operations are consistent with the skill's primary financial reporting function and target documented data sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 06:12 AM