htx/spot-market

Fail

Audited by Gen Agent Trust Hub on Jun 8, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation provides an installation command that downloads a shell script (install.sh) from the official HTX Exchange GitHub repository and pipes it directly to the bash interpreter for execution.
  • [COMMAND_EXECUTION]: The instructions direct the AI agent to use a CLI tool named htx-cli to perform various market data queries such as fetching tickers, klines, and order book depth.
  • [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and references documentation from external sources, specifically the htx-exchange and huobiapi GitHub organizations.
  • [PROMPT_INJECTION]: The skill processes external market data (e.g., price tickers and trade history) which are ingested into the agent's context. This represents a potential surface for indirect prompt injection, although the risk is limited by the structured numeric nature of the data.
  • Ingestion points: Command output from htx-cli (e.g., tickers, market-detail-merged) cited in the examples.
  • Boundary markers: None identified in the provided instructions.
  • Capability inventory: Shell command execution via the htx-cli tool.
  • Sanitization: No sanitization or validation of the API output is described.
Recommendations
  • HIGH: Downloads and executes remote code from: https://github.com/htx-exchange/htx-skills-hub/releases/latest/download/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 8, 2026, 03:36 AM
Security Audit — agent-trust-hub — htx/spot-market