coinbase-cdp-connector
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the Coinbase CDP CLI from npm using
npx @coinbase/cdp-cli. This is a legitimate utility from a well-known financial service provider. - [COMMAND_EXECUTION]: The skill executes shell commands via the
cdpCLI tool to manage crypto wallets, request funds from faucets, and route trade orders. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes financial instructions generated by other agents and has the capability to execute onchain transactions.
- Ingestion points: The skill ingests
Orderlists provided by external desk agents such ascrypto-daytradingorhedge-fund-manager. - Boundary markers: It implements a strong human-in-the-loop boundary where the agent only proposes orders that a human must then manually approve (notification-first mode).
- Capability inventory: Capability to perform live trading and wallet operations via the
cdpcommand-line tool. - Sanitization: Safety is enforced by deterministic Python logic in
connectors/hard_caps.py, which applies hard risk limits (e.g., daily-loss kill, order-count budgets) outside of the LLM's influence.
Audit Metadata