stock-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of the 'stk' CLI tool to retrieve financial data and manage stock watchlists. Commands such as 'stk market', 'stk stock scan', and 'stk watchlist' are used to perform the skill's primary functions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external news content fetched by the 'stk market news' command. * Ingestion points: News titles and summaries from external sources are analyzed in SKILL.md. * Boundary markers: There are no explicit delimiters or instructions to treat news content as untrusted data. * Capability inventory: Command execution via 'stk' and file writing to '~/.stk/reports/'. * Sanitization: The agent is instructed to summarize the content, which relies on standard model behavior.
- [SAFE]: All file system interactions are localized to a specific hidden directory ('~/.stk/reports/'), and the skill does not attempt to access sensitive system configurations or personal credentials.
Audit Metadata