bingx-sub-account
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates interaction with the official BingX API for sub-account management and financial transfers. The code provided for signing requests follows standard cryptographic practices.
- [PROMPT_INJECTION]: The skill includes explicit security rules for the agent, requiring it to validate user input against documented patterns and reject characters used for injection (e.g., &, =, ?, #, newlines).
- [DATA_EXFILTRATION]: Network operations are limited to official vendor domains (bingx.com and bingx.pro). Sensitive credentials like API secrets are used for local HMAC signing and are not hardcoded or sent insecurely.
- [COMMAND_EXECUTION]: No dangerous system commands or arbitrary code evaluation are present. The TypeScript helper function is restricted to making authenticated HTTP requests and parsing JSON responses.
Audit Metadata