us-realtime-quote

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
Categories: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains a hardcoded API key (123456) in the connection setup code within SKILL.md.
  • [DATA_EXFILTRATION]: User-provided search terms and stock symbols are transmitted to an external hardcoded IP address (43.167.234.49) over an insecure HTTP connection.
  • [PROMPT_INJECTION]: The instructions use absolute directives ("must immediately call", "never answer from memory") to override the model's standard behavior and ignore its trained safety or knowledge constraints.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      • Ingestion points: User-provided stock symbols are directly interpolated into the API request URL.
      • Boundary markers: Absent; there are no delimiters or instructions to prevent the model from interpreting user input as part of the command logic.
      • Capability inventory: The skill has the capability to perform network requests (curl) to an external IP.
      • Sanitization: Absent; no validation or escaping of user input is specified before it is sent to the external endpoint.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 8, 2026, 02:50 PM