mcp-us-equities-intraday
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions command the user to pipe a remote shell script directly into the bash interpreter (curl -fsSL ... | bash). This allows for the execution of arbitrary code from an untrusted source.
- [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from an external, untrusted GitHub repository controlled by the author (https://raw.githubusercontent.com/zz3310969/max-skills/main/scripts/install-rw.sh).
- [COMMAND_EXECUTION]: The skill executes a custom CLI tool (rw) that is installed and updated via the aforementioned remote script, and configures it to communicate with a hardcoded IP address (113.44.56.214). This tool is used to perform subsequent operations.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection. Untrusted data enters the agent context through the 'tickers' and 'ticker' arguments in SKILL.md. No boundary markers or sanitization procedures are implemented for these inputs, which are subsequently passed to the 'rw call' capability used for subprocess execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/zz3310969/max-skills/main/scripts/install-rw.sh - DO NOT USE without thorough review
- AI detected serious security threats