tushare-finance

Pass

Audited by Gen Agent Trust Hub on Jun 9, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the legitimate tushare Python library to fetch financial data from the official Tushare Pro servers (tushare.pro).
  • [CREDENTIALS_UNSAFE]: Requires an API token for authentication. The skill correctly instructs users to provide this via environment variables (TUSHARE_TOKEN), which is the recommended security practice for AI agent skills.
  • [COMMAND_EXECUTION]: The provided Python script (scripts/api_client.py) is a benign wrapper around the Tushare library and does not contain any arbitrary command execution or dangerous shell calls.
  • [PROMPT_INJECTION]: The instructions in SKILL.md are purely task-oriented and do not attempt to bypass safety filters or override agent constraints.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 9, 2026, 11:19 PM
Security Audit — agent-trust-hub — tushare-finance