bingx-trade-review

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/review.py, scripts/tags.py) to perform statistical analysis and generate PNG charts. These scripts are bundled with the skill and use standard data processing logic.
  • [DATA_EXFILTRATION]: The skill communicates with official BingX API domains (open-api.bingx.com, open-api-vst.bingx.com) to retrieve trade records. This network activity is limited to the vendor's own infrastructure and is required for the skill's primary function.
  • [EXTERNAL_DOWNLOADS]: The skill specifies requirements for well-known data science packages (pandas, matplotlib, numpy) from standard package registries.
  • [SAFE]: The skill processes untrusted external data (API responses) but limits its use to structured numerical analysis and chart generation, effectively mitigating indirect prompt injection risks.
  • Ingestion points: Historical trade data from BingX API and local JSON storage handled in scripts/storage.py.
  • Boundary markers: Data is passed as structured JSON strings to analysis scripts via command-line arguments.
  • Capability inventory: The skill utilizes subprocess execution for Python scripts and writes data/charts to a local hidden directory (~/.bingx-skills/).
  • Sanitization: Interaction rules explicitly mandate extracting structured values from user intent rather than using raw text to prevent parameter injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:46 PM
Security Audit — agent-trust-hub — bingx-trade-review