mcp-us-equities-read
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses a high-risk installation pattern:
curl -fsSL https://raw.githubusercontent.com/zz3310969/max-skills/main/scripts/install-rw.sh | bash. This allows code from an external GitHub repository to execute directly on the user's host system without prior inspection. - [COMMAND_EXECUTION]: Core functionality relies on executing the
rwcommand-line tool with user-specified parameters. - [EXTERNAL_DOWNLOADS]: The skill configures a remote VPS endpoint using a raw IP address (
113.44.56.214), bypassing DNS security and reputation systems. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection. Ingestion points:
rw calltool arguments inSKILL.md. Boundary markers: JSON formatting is used for arguments, but no explicit 'ignore embedded instructions' delimiters are present. Capability inventory: Execution of therwCLI tool. Sanitization: No sanitization or validation of user-provided fields is documented in the skill definition.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/zz3310969/max-skills/main/scripts/install-rw.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata