hk-realtime-quote
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: A hardcoded API key `123456` is provided in the `SKILL.md` setup instructions for authenticating with the backend API.
- [DATA_EXFILTRATION]: The skill is configured to send user-supplied stock codes to an unverified raw IP address (`43.167.234.49`) over an unencrypted (HTTP) or unspecified connection, representing a data exfiltration risk to a non-whitelisted domain.
- [PROMPT_INJECTION]: The instructions explicitly command the agent to disregard its internal training memory and bypass safety or knowledge filters ("must immediately call this skill—never answer from training memory").
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill ingests data from an external API without security boundaries or sanitization, creating a surface for indirect attacks. Ingestion points: Data returned from `http://43.167.234.49:3101/api/v2/hkstock/securities` is directly processed by the agent. Boundary markers: Absent. There are no delimiters used to separate untrusted API data from the agent's instructions. Capability inventory: The skill uses `curl` for network operations and processes JSON data. Sanitization: No validation or sanitization of the API response is implemented.
- [COMMAND_EXECUTION]: The skill metadata contains shell commands for installation (`cp -r ...`) which execute file system operations on the host environment.
Recommendations
- AI detected serious security threats