tushare-finance
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the legitimate
tusharePython library to fetch financial data from the official Tushare Pro servers (tushare.pro). - [CREDENTIALS_UNSAFE]: Requires an API token for authentication. The skill correctly instructs users to provide this via environment variables (
TUSHARE_TOKEN), which is the recommended security practice for AI agent skills. - [COMMAND_EXECUTION]: The provided Python script (
scripts/api_client.py) is a benign wrapper around the Tushare library and does not contain any arbitrary command execution or dangerous shell calls. - [PROMPT_INJECTION]: The instructions in
SKILL.mdare purely task-oriented and do not attempt to bypass safety filters or override agent constraints.
Audit Metadata