yahoo-finance
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs standard HTTPS GET requests to well-known Yahoo Finance API domains to retrieve stock data.
- [SAFE]: No hardcoded credentials, API keys, or secrets were found in the codebase. The tool is explicitly designed to work without authentication.
- [SAFE]: The script does not use any dangerous functions such as eval() or exec(), nor does it spawn subprocesses, execute shell commands, or perform file system operations.
- [SAFE]: All user-provided inputs used in API requests are properly sanitized using the native encodeURIComponent function.
- [SAFE]: While the skill ingests data from external APIs (Yahoo Finance), it lacks exploitable capabilities (no command execution or persistence), ensuring the data ingestion surface is safe.
- [SAFE]: No obfuscation techniques, hidden URLs, or malicious prompt injection patterns were detected in the documentation or script files.
Audit Metadata