equity-research-orchestrator
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands to activate a virtual environment (
source ../../.venv/bin/activate) and run scripts from a sibling directory (python ../findata-toolkit-cn/scripts/views_runner.py). This allows the agent to execute code located outside the skill's own directory structure.\n- [EXTERNAL_DOWNLOADS]: The instructions include runningpip install -r ../findata-toolkit-cn/requirements.txt, which downloads and installs third-party Python packages from public registries at runtime, introducing risks associated with unverifiable dependencies.\n- [CREDENTIALS_UNSAFE]: The documentation mentions the use ofXUEQIU_TOKENas an environment variable for accessing financial data APIs. While the token itself is not hardcoded, the instruction guides the agent to use and potentially expose sensitive authentication credentials in the execution environment.
Audit Metadata