htx/spot-account
Fail
Audited by Gen Agent Trust Hub on Jun 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions include a command that downloads a shell script from the vendor's official GitHub repository and pipes it directly into bash.
- Evidence:
curl -fsSL https://github.com/htx-exchange/htx-skills-hub/releases/latest/download/install.sh | bash -s -- spot-accountfound inSKILL.md. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data processing and execution capabilities.
- Ingestion points: External data is ingested via account history (
/v1/account/history) and deposit/withdraw records (/v1/query/deposit-withdraw) as documented inSKILL.md. - Boundary markers: Absent. No delimiters or instructions to ignore embedded content are provided for the ingested data.
- Capability inventory: The skill includes high-privilege write operations, specifically fund transfers between accounts (Endpoints 6, 7, and 8) via the
htx-cli. - Sanitization: Absent. The skill does not mention validation or escaping of the data fetched from the exchange API.
- [COMMAND_EXECUTION]: The skill facilitates interaction with the HTX exchange by executing local shell commands via the
htx-clitool. - Evidence: Numerous workflow patterns in
SKILL.mdinvokehtx-cli spot accountandhtx-cli spot callfor querying balances and performing transfers.
Recommendations
- HIGH: Downloads and executes remote code from: https://github.com/htx-exchange/htx-skills-hub/releases/latest/download/install.sh - DO NOT USE without thorough review
Audit Metadata