htx/spot-account

Fail

Audited by Gen Agent Trust Hub on Jun 8, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions include a command that downloads a shell script from the vendor's official GitHub repository and pipes it directly into bash.
  • Evidence: curl -fsSL https://github.com/htx-exchange/htx-skills-hub/releases/latest/download/install.sh | bash -s -- spot-account found in SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data processing and execution capabilities.
  • Ingestion points: External data is ingested via account history (/v1/account/history) and deposit/withdraw records (/v1/query/deposit-withdraw) as documented in SKILL.md.
  • Boundary markers: Absent. No delimiters or instructions to ignore embedded content are provided for the ingested data.
  • Capability inventory: The skill includes high-privilege write operations, specifically fund transfers between accounts (Endpoints 6, 7, and 8) via the htx-cli.
  • Sanitization: Absent. The skill does not mention validation or escaping of the data fetched from the exchange API.
  • [COMMAND_EXECUTION]: The skill facilitates interaction with the HTX exchange by executing local shell commands via the htx-cli tool.
  • Evidence: Numerous workflow patterns in SKILL.md invoke htx-cli spot account and htx-cli spot call for querying balances and performing transfers.
Recommendations
  • HIGH: Downloads and executes remote code from: https://github.com/htx-exchange/htx-skills-hub/releases/latest/download/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 8, 2026, 03:35 AM
Security Audit — agent-trust-hub — htx/spot-account