Skills
skills/wind-information-co-ltd/wind-skills/wind-mcp-skill/Gen Agent Trust Hub

wind-mcp-skill

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed to provide access to official Wind financial data services. All network communication is directed to the vendor's verified domain (mcp.wind.com.cn).
  • [COMMAND_EXECUTION]: The provided CLI script (scripts/cli.mjs) uses node:child_process to open the Wind developer portal in the user's default browser. This is a legitimate utility intended to help users obtain their API key.
  • [PROMPT_INJECTION]: The skill processes natural language questions from the user to retrieve financial data. This constitutes a standard indirect prompt injection attack surface inherent to RAG and data-retrieval agents, which is mitigated by the host agent's safety layers.
  • [SAFE]: API key management follows best practices, allowing for environment variables or local configuration files (~/.wind-aimarket/config). The script includes logic to mask keys in error output to prevent accidental exposure in logs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 08:02 AM