tianqing-data
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to a remote API at http://47.115.228.20:8888 to fetch market data. This IP address is not on the trusted or whitelisted domains list.
- [COMMAND_EXECUTION]: The skill provides a Python script scripts/tq_cli.py intended to be executed via command line to interact with the futures data API.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted data from an external API.
  - Ingestion points: Market data is ingested from the EasyFut API via the get_quote, get_klines, and get_ticks methods in scripts/tq_cli.py.
  - Boundary markers: There are no boundary markers or instructions to the agent to ignore embedded commands within the fetched JSON data.
  - Capability inventory: The skill has the capability to perform network requests and execute CLI commands.
  - Sanitization: The skill does not perform any validation or sanitization on the JSON data returned from the API before presenting it to the agent context.
Audit Metadata