coinbase-cdp-connector

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the Coinbase CDP CLI from npm using npx @coinbase/cdp-cli. This is a legitimate utility from a well-known financial service provider.
  • [COMMAND_EXECUTION]: The skill executes shell commands via the cdp CLI tool to manage crypto wallets, request funds from faucets, and route trade orders.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes financial instructions generated by other agents and has the capability to execute onchain transactions.
  • Ingestion points: The skill ingests Order lists provided by external desk agents such as crypto-daytrading or hedge-fund-manager.
  • Boundary markers: It implements a strong human-in-the-loop boundary where the agent only proposes orders that a human must then manually approve (notification-first mode).
  • Capability inventory: Capability to perform live trading and wallet operations via the cdp command-line tool.
  • Sanitization: Safety is enforced by deterministic Python logic in connectors/hard_caps.py, which applies hard risk limits (e.g., daily-loss kill, order-count budgets) outside of the LLM's influence.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — coinbase-cdp-connector