glmv-stock-analyst
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several Python and Bash scripts to manage its lifecycle, including environment setup (
setup.sh), financial data collection (fetch_all.py), and report formatting (md2html.py,export_report.py). These operations are essential to the skill's purpose and follow a structured local execution model. - [EXTERNAL_DOWNLOADS]: The skill fetches financial data, news, and reports from well-known financial service providers such as Eastmoney (
eastmoney.com,dfcfw.com), Cailianpress (cls.cn), and Yahoo Finance. The setup process also involves downloading standard Python dependencies from official PyPI mirrors (TUNA, Aliyun, or PyPI). - [SAFE]: Extensive analysis of the skill's scripts and instructions found no evidence of prompt injection, unauthorized data access, persistence mechanisms, or obfuscation. The skill correctly utilizes environment variables for sensitive API tokens (e.g.,
TUSHARE_TOKEN) and maintains data isolation by using timestamped task folders within the workspace.
Audit Metadata