Skills
skills/holon-run/uxc/bitget-openapi-skill/Gen Agent Trust Hub

bitget-openapi-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads an OpenAPI schema from the vendor's official GitHub repository at https://raw.githubusercontent.com/holon-run/uxc/main/skills/bitget-openapi-skill/references/bitget-v2.openapi.json. This is used to configure the uxc tool for API interactions.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the uxc tool and create a command alias (bitget-openapi-cli). These operations are restricted to the curated public market surface of the Bitget API.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Bitget's public API endpoints. Potential risks are mitigated through several layers:
  • Ingestion points: Market data is ingested from api.bitget.com (SKILL.md, bitget-v2.openapi.json).
  • Boundary markers: Instructions explicitly mandate the use of the JSON output envelope and parsing of stable fields (SKILL.md).
  • Capability inventory: Execution is limited to the uxc tool for specific REST operations defined in the local schema.
  • Sanitization: Input and output are governed by a fixed OpenAPI schema, providing structural validation of external data.
  • [DATA_EXFILTRATION]: No exfiltration patterns detected. The skill specifically warns against including private authentication logic and restricts network access to the official Bitget API domain.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:14 AM