cn-fundamental
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes a hardcoded API key (`123456`) in the curl setup instructions within `SKILL.md`. While it may be a placeholder, hardcoding credentials in the skill definition is an unsafe practice.
- [DATA_EXFILTRATION]: The skill performs network operations to an external IP address (`43.167.234.49`) to fetch financial data. While this aligns with the skill's stated purpose, communication with a raw IP address that is not a well-known service or trusted organization is considered a risk for data exfiltration.
- [COMMAND_EXECUTION]: The skill provides and encourages the execution of `curl` commands in a shell environment to retrieve stock data, which could be exploited if parameters are not properly sanitized.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from an external API and incorporates it into the agent's context.
  - Ingestion points: Data is fetched from multiple endpoints on `http://43.167.234.49:3101/api/v2/cnstock/` (defined in `SKILL.md`).
  - Boundary markers: Absent. The skill does not define any delimiters or instructions for the agent to ignore embedded commands within the fetched data.
  - Capability inventory: The skill utilizes shell-based data retrieval via `curl` (specified in `SKILL.md`).
  - Sanitization: Absent. There is no evidence of filtering or validation of the content returned from the external API before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata