Skills
skills/hubblevision/hubble-data-service-skill/us-market/Gen Agent Trust Hub

us-market

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl commands to interact with the Hubble API for retrieving financial data.\n- [EXTERNAL_DOWNLOADS]: The skill fetches data from http://43.167.234.49:3101, which serves as the designated backend for the HubbleVision market data service.\n- [CREDENTIALS_UNSAFE]: A hardcoded API key (123456) is defined in the AUTH variable. This appears to be a common placeholder for vendor-provided services and does not represent a sensitive credential exposure.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface.\n
  • Ingestion points: User queries and stock tickers are ingested and used as parameters in curl requests in SKILL.md.\n
  • Boundary markers: No specific delimiters or safety instructions are provided to the agent to mitigate potential malicious content in API responses.\n
  • Capability inventory: The skill is capable of network operations via curl and parallel task execution via wait.\n
  • Sanitization: There is no explicit sanitization logic described for handling external data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 02:51 PM