okx-cex-skill-mp

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading the official @okx_ai/okx-trade-cli package from npm and third-party AI skills from the OKX marketplace.
  • [COMMAND_EXECUTION]: Executes terminal commands using the okx CLI and npx to manage configurations and skill installations.
  • [PROMPT_INJECTION]: The skill serves as a gateway for third-party content, presenting an indirect prompt injection surface.
      • Ingestion points: Untrusted data enters the environment through the okx skill add and okx skill download commands, as well as the skills_search MCP tool.
      • Boundary markers: The skill provides a prominent 'Third-Party Content Notice' warning users that marketplace content is not reviewed by OKX and advising review of SKILL.md files.
      • Capability inventory: The skill uses the okx CLI to write files to the agent's local skill directory (e.g., ~/.agents/skills/).
      • Sanitization: No explicit sanitization or validation of the downloaded prompt content is performed by this management skill.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 07:37 PM