skills/okx/agent-skills/okx-cex-auth/Gen Agent Trust Hub

okx-cex-auth

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the okx CLI to perform authentication tasks, status checks, and configuration management. These operations are standard for the tool's intended use case and are necessary to interact with the OKX platform.- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the official @okx_ai/okx-trade-cli package from the NPM registry. It also provides a mechanism (okx auth install) to download and update the vendor's authentication binary, which is a common pattern for local authentication clients.- [DATA_EXFILTRATION]: The skill interacts with sensitive local data, specifically API keys and configuration settings stored in ~/.okx/config.toml. This access is documented as part of the authentication status check (okx config show) and is required for managing the user's account connection. There is no evidence of data being sent to unauthorized third-party domains.- [PROMPT_INJECTION]: The skill processes output from the okx CLI commands to determine authentication state. While this represents a surface for indirect prompt injection if tool outputs were manipulated, the skill provides specific instructions on how to parse this structured JSON data and includes mandatory manual checkpoints for the user.
  • Ingestion points: Tool outputs from okx config show and okx auth status.
  • Boundary markers: None explicitly defined for command output interpolation.
  • Capability inventory: Execution of npm and okx binaries.
  • Sanitization: No explicit sanitization of command output before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 11:15 AM
Security Audit — agent-trust-hub — okx-cex-auth