tianqin-data
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to an external API hosted on a raw IP address (47.115.228.20) rather than a verified domain name.
- [DATA_EXFILTRATION]: Communication with the API is conducted over unencrypted HTTP (port 8888). This allows for potential interception of the TQ_API_KEY and market data in transit.
- [PROMPT_INJECTION]: The skill ingests data from an external API and outputs it as JSON, creating an indirect prompt injection surface.
  - Ingestion points: Data is retrieved from the /quote/, /klines/, and /ticks/ endpoints in scripts/tq_cli.py.
  - Boundary markers: None identified in the prompt templates or output formatting.
  - Capability inventory: The skill has network access via the requests library but no direct file-write or shell execution capabilities beyond its own CLI execution.
  - Sanitization: The script uses standard JSON serialization (json.dumps), which provides basic character escaping.