Skills
skills/hubblevision/hubble-data-service-skill/us-fundamental/Gen Agent Trust Hub

us-fundamental

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains a hardcoded API key (123456) within the Curl Setup section. Although this appears to be a placeholder value, hardcoding credentials in instructions is a violation of secret management best practices.
  • [DATA_EXFILTRATION]: The skill makes network requests to a raw IP address (43.167.234.49) instead of a registered domain. Communicating with unverified IP-based endpoints lacks the security reputation and certificate validation typically provided by domain names.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (curl) to fetch data. While required for the skill's purpose, this establishes a pattern of command execution that relies on the security of the remote server's response.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 02:50 PM
Security Audit — agent-trust-hub — us-fundamental