Trust Assessment
trading212-api received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 0 critical, 12 high, 0 medium, and 0 low severity. Key findings: Hidden network beacons / undisclosed telemetry, Potential Command Injection via Unsanitized API Key/Secret in Shell Command, and Potential Credential Exfiltration via Unvalidated T212_BASE_URL. Ten of the twelve are the same Manifest-layer pattern match, "command output piped through base64 encoding", reported at ten different lines of SKILL.md; the only base64 use the report itself quotes is the construction of the HTTP Basic `Authorization` header, so each flagged line should be checked against the file before it is treated as hidden telemetry.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, the result of the ten base64 findings; the two remaining findings come from the LLM Behavioral Safety layer.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (12)
| Severity | Finding | Evidence | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Hidden network beacons / undisclosed telemetry (10 occurrences) | Command output piped through base64 encoding | Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. (The BCC sentence is the scanner's generic remediation text and does not relate to anything else in this report.) | Manifest | skills/tsvetelin-kulinski/trading212-api/SKILL.md lines 92, 101, 104, 112, 129, 177, 185, 189, 197, 200 |
| HIGH | Potential Command Injection via Unsanitized API Key/Secret in Shell Command | SKILL.md instructs the agent to construct the `Authorization` header with a shell command, `export T212_AUTH_HEADER="Basic $(echo -n "$T212_API_KEY:$T212_API_SECRET" \| base64)"`, and, if `T212_AUTH_HEADER` is unset, to "Build header as `Basic $(echo -n "$T212_API_KEY:$T212_API_SECRET" \| base64)`". The report's concern is that values of `T212_API_KEY` or `T212_API_SECRET` containing shell metacharacters (`;`, `&`, `\|`, `$(...)`) could reach the shell unescaped and execute on the host. | Qualification: as quoted, the variables are expanded inside double quotes, so the shell passes their values to `echo` as literal arguments and does not re-parse them; the command is only injectable if the agent pastes the secret's literal text into a command string it composes, and that is the case to guard against. Prefer building the header in-process without invoking a shell, or keep the quoted parameter expansion and never substitute raw secret text into a command line. Separately, GNU `base64` wraps its output at 76 characters, so a long `key:secret` pair yields a header containing a newline unless the output is unwrapped (`base64 -w0` on GNU coreutils, or `\| tr -d '\n'` portably). | LLM | SKILL.md:106 |
| HIGH | Potential Credential Exfiltration via Unvalidated T212_BASE_URL | SKILL.md instructs the agent to use `T212_BASE_URL` directly in `curl` commands whenever it is set, for example `curl -H "Authorization: $T212_AUTH_HEADER" "${T212_BASE_URL}/api/v0/equity/account/summary"`, with no validation or restriction on its value. A `T212_BASE_URL` pointing at an attacker-controlled host receives the `Authorization` header, that is, the base64-encoded API key and secret. | Validate `T212_BASE_URL` against an allowlist of the legitimate Trading 212 origins (`https://demo.trading212.com`, `https://live.trading212.com`) with an exact string comparison, not a prefix or substring check, which a userinfo component (`https://live.trading212.com@...`) or a look-alike host can satisfy. If `T212_BASE_URL` is unset or fails validation, derive the base URL from `T212_ENV` and enforce the allowed origins; never fall back to the supplied value. | LLM | SKILL.md:160 |
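The two LLM-layer findings both come down to how the agent assembles the request. The POSIX shell helpers below are an added example, not code from the skill or from SkillShield: they build the Basic header without ever re-parsing the secret, resolve the API origin by exact match against the two Trading 212 origins the report names (falling back to `T212_ENV`), and only then call `curl`. The function names `t212_auth_header`, `t212_base_url` and `t212_get` are assumptions for illustration; the `T212_*` variable names are the ones SKILL.md uses.

```shell
#!/bin/sh
# Added example, not the skill's own code. Function names are illustrative;
# the T212_* variable names are the ones the skill's SKILL.md uses.

T212_ORIGIN_DEMO="https://demo.trading212.com"
T212_ORIGIN_LIVE="https://live.trading212.com"

# Resolve the API origin. T212_BASE_URL, when set, must equal one of the two
# allowed origins exactly: a path suffix, an http:// downgrade, a look-alike
# host or a userinfo trick such as https://live.trading212.com@other.example
# all fail the comparison and nothing is sent. Otherwise T212_ENV selects it.
t212_base_url() {
    if [ -n "${T212_BASE_URL:-}" ]; then
        case "$T212_BASE_URL" in
            "$T212_ORIGIN_DEMO"|"$T212_ORIGIN_LIVE")
                printf '%s\n' "$T212_BASE_URL"
                return 0 ;;
            *)
                printf 't212: refusing T212_BASE_URL=%s (not an allowed Trading 212 origin)\n' \
                    "$T212_BASE_URL" >&2
                return 1 ;;
        esac
    fi
    case "${T212_ENV:-demo}" in
        demo) printf '%s\n' "$T212_ORIGIN_DEMO" ;;
        live) printf '%s\n' "$T212_ORIGIN_LIVE" ;;
        *)    printf 't212: T212_ENV must be demo or live, got %s\n' "$T212_ENV" >&2
              return 1 ;;
    esac
}

# Build the HTTP Basic value. The key and secret reach printf as quoted
# arguments and are never re-parsed by the shell, so metacharacters in them
# are inert. printf replaces echo -n for portability. tr strips the line
# break GNU base64 inserts after 76 output characters, which would otherwise
# split the header for long key:secret pairs.
t212_auth_header() {
    if [ -z "${T212_API_KEY:-}" ] || [ -z "${T212_API_SECRET:-}" ]; then
        printf 't212: T212_API_KEY and T212_API_SECRET must be set\n' >&2
        return 1
    fi
    printf 'Basic %s\n' "$(printf '%s:%s' "$T212_API_KEY" "$T212_API_SECRET" | base64 | tr -d '\n')"
}

# GET a path under the allowed origin. The origin is checked before the
# credential is built, so a rejected T212_BASE_URL aborts before any request.
t212_get() {
    _base=$(t212_base_url) || return 1
    _auth=$(t212_auth_header) || return 1
    curl -sS -H "Authorization: $_auth" "${_base}$1"
}

# Example call (needs real credentials and network access):
# T212_ENV=demo t212_get /api/v0/equity/account/summary
```

The exact-match `case` is deliberate: a prefix test such as `case "$T212_BASE_URL" in https://live.trading212.com*)` would accept `https://live.trading212.com.other.example` and `https://live.trading212.com@other.example`, both of which send the header elsewhere.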
Full report: https://skillshield.io/report/5d4e4b4a56d258ea (powered by SkillShield)