cn-index
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains a hardcoded API key (123456) in the SKILL.md file within the authentication header setup. Hardcoding credentials in source files is an insecure practice that can lead to unauthorized access.
- [DATA_EXFILTRATION]: The skill communicates with an unverified external IP address (43.167.234.49) using curl to retrieve index and industry data. Interacting with non-domain-based infrastructure that is not a recognized or trusted service provider increases security risk.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from an external API without safety controls.
  - Ingestion points: External data is ingested from API endpoints hosted at http://43.167.234.49:3101.
  - Boundary markers: No delimiters or instructions separate the API data from the agent's primary instructions.
  - Capability inventory: The skill uses curl to execute network operations.
  - Sanitization: There is no evidence of input validation or output sanitization for the data received from the remote server.
Recommendations
- AI detected serious security threats