htx-oi-tracker
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill drives the
htx-clibinary to interact with HTX's API. It constructs shell commands using parameters likecontract_code,period, andsizeto retrieve specific market data. - [EXTERNAL_DOWNLOADS]: The skill relies on an external dependency,
htx-cli, which must be installed on the user's system. Installation instructions in the README point to the vendor's distribution channel. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes market data from external HTX API endpoints.
- Ingestion points: API responses from
/linear-swap-api/v1/swap_open_interestand/linear-swap-ex/market/his_open_interest(SKILL.md). - Boundary markers: None identified in the prompt instructions to delineate external data from agent commands.
- Capability inventory: Execution of
htx-clishell commands (SKILL.md). - Sanitization: No explicit sanitization or validation of the external API data is implemented before the agent processes the output.
Audit Metadata