htx-oi-tracker

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill drives the htx-cli binary to interact with HTX's API. It constructs shell commands using parameters like contract_code, period, and size to retrieve specific market data.
  • [EXTERNAL_DOWNLOADS]: The skill relies on an external dependency, htx-cli, which must be installed on the user's system. Installation instructions in the README point to the vendor's distribution channel.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes market data from external HTX API endpoints.
  • Ingestion points: API responses from /linear-swap-api/v1/swap_open_interest and /linear-swap-ex/market/his_open_interest (SKILL.md).
  • Boundary markers: None identified in the prompt instructions to delineate external data from agent commands.
  • Capability inventory: Execution of htx-cli shell commands (SKILL.md).
  • Sanitization: No explicit sanitization or validation of the external API data is implemented before the agent processes the output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 08:49 PM
Security Audit — agent-trust-hub — htx-oi-tracker