bitget
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing the
bgcCLI tool with various modules and parameters to fetch market data, query account assets, and perform trading actions. - [EXTERNAL_DOWNLOADS]: The skill directs the AI to instruct users to install the
bitget-clientpackage globally via npm (npm install -g bitget-client) to enable the required CLI functionality. - [PROMPT_INJECTION]: The skill includes instructions to prioritize its use for a broad set of generic trading phrases (e.g., 'check my open orders', 'what's my P&L') and Chinese-language requests, even when 'Bitget' is not explicitly mentioned. This steers the agent to favor this specific skill for general user intents.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes external data from the Bitget API. Ingestion points: JSON responses from Bitget API via the
bgctool (SKILL.md). Boundary markers: The skill lacks explicit instructions to the agent to disregard potential commands or instructions embedded in the API data. Capability inventory: The skill has significant capabilities, including placing orders, transferring funds between accounts, and performing withdrawals. Sanitization: The skill provides instructions to the AI to summarize and format the API output rather than displaying raw data, which serves as a basic form of content interpretation mitigation.
Audit Metadata