dividend-corporate-action-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes data from external financial sources (e.g., Sina Finance, EastMoney, CNInfo, Baidu) and incorporates it into its analysis. While no malicious content was found in the static files, the ingestion of untrusted external data allows for the possibility of embedded instructions influencing the agent's behavior.
- [COMMAND_EXECUTION]: The skill performs shell command execution to activate a virtual environment and run data-fetching scripts (views_runner.py) located in a sibling directory (../findata-toolkit-cn/). These commands are used for environment setup and data retrieval and are consistent with the vendor's own toolkit architecture.
- [EXTERNAL_DOWNLOADS]: The skill fetches market data from various third-party financial websites and uses pip to install dependencies from a local requirements file. These operations are standard for its financial analysis purpose.
Audit Metadata