Skills
skills/hubblevision/hubble-data-service-skill/crypto-indicators/Gen Agent Trust Hub

crypto-indicators

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded API key 123456 is found within the AUTH variable definition in SKILL.md.
  • [COMMAND_EXECUTION]: The skill utilizes curl to interact with the Hubble API endpoints.
  • [DATA_EXFILTRATION]: The skill performs network requests to an external IP address 43.167.234.49. Although this is the vendor's Hubble API, it is an unverified external destination for data transmission.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: Data fetched from the Hubble API endpoints via curl is directly incorporated into the agent's conversation context.
  • Boundary markers: Absent. The skill does not provide instructions to the agent to use delimiters or to ignore instructions that might be embedded in the fetched indicator data.
  • Capability inventory: The skill has access to network tools (curl).
  • Sanitization: No logic is provided to validate, filter, or escape the content returned from the remote API.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 8, 2026, 02:51 PM