stock-sdk-mcp

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions frequently use npx -y stock-sdk-mcp (e.g., in SKILL.md and tools-reference.md), which triggers the download of the stock-sdk-mcp package from the npm registry during execution.
  • [REMOTE_CODE_EXECUTION]: By invoking uvx mcp2cli --mcp-stdio "npx -y stock-sdk-mcp", the skill executes code from a remote, unverified npm package. This package is not from a trusted organization or well-known service, posing a risk of executing unvetted code.
  • [COMMAND_EXECUTION]: The skill relies on executing system commands via uvx and npx to run its core tools and manage the Model Context Protocol (MCP) server environment.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external stock market APIs, creating an indirect prompt injection surface.
      • Ingestion points: Market quotes, K-line data, and technical indicators are fetched from external APIs via the stock-sdk-mcp tool (referenced in all markdown files).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the stock data.
      • Capability inventory: The agent has the capability to execute shell commands via uvx mcp2cli (seen in market-overview.md and stock-analyst.md).
      • Sanitization: The instructions do not specify any validation or sanitization of the retrieved market data before it is interpreted by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 01:29 PM