glmv-stock-analyst
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's primary functionality is to gather and analyze financial data, which it performs using established APIs and libraries.
- [EXTERNAL_DOWNLOADS]: Retrieves stock data, news, and reports from well-known financial platforms (Eastmoney, 财联社, Yahoo Finance). These downloads are necessary for the skill's stated purpose and target reputable domains.
- [COMMAND_EXECUTION]: Executes local Python and shell scripts for environment setup, data fetching, and document formatting. These operations are restricted to the agent's workspace and intended functionality.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Uses standard environment variables for API token management. No unauthorized data access or exfiltration patterns were identified.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Stock news from 财联社 and analyst reports from Eastmoney accessed in fetch_all.py.
- Boundary markers: The skill uses a structured report_template.md to separate data collection from the model's analytical judgment.
- Capability inventory: Capability includes file system operations (write), shell execution, and multi-modal image processing.
- Sanitization: The model acts as a summarizer of fetched content, mitigating the risk of executing instructions contained within financial reports.
Audit Metadata