trade-quick
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted search results which create a surface for indirect prompt injection from malicious web content.
- Ingestion points: Step 1 gathers data via WebSearch queries for stock prices, news, and technical indicators as defined in SKILL.md.
- Boundary markers: The instructions do not define delimiters or specific boundary markers to isolate and ignore instructions that might be embedded in the retrieved web content.
- Capability inventory: The skill is restricted to terminal output and explicitly prohibits writing files or launching subagents in SKILL.md, which significantly mitigates the potential impact of an injection.
- Sanitization: There is no specified process for sanitizing, escaping, or validating the external data before it is parsed and used for the assessment.
Audit Metadata