Skills
skills/hubblevision/hubble-data-service-skill/hk-fundamental/Gen Agent Trust Hub

hk-fundamental

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: A hardcoded credential pattern was detected in the AUTH variable (X-API-Key: 123456). While '123456' serves as a placeholder, hardcoding authentication headers is a poor security practice.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute curl commands to fetch data, which involves shell interaction.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to an external IP address (43.167.234.49) to retrieve stock symbols and trading calendars. This creates a dependency on a non-whitelisted remote server.
  • [PROMPT_INJECTION]: The skill includes instructions to 'Never answer from training memory' and 'Always use API data'. While intended for data accuracy, these are firm behavioral overrides that prioritize external data over internal safety constraints if the external data were to be poisoned.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 02:50 PM