okx-cex-portfolio

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @okx_ai/okx-trade-cli package from the official npm registry. This is a recognized vendor resource from 'okx' used for its intended purpose.
  • [COMMAND_EXECUTION]: The skill uses the okx command-line interface to perform account operations such as checking balances and viewing trade history. These commands are restricted to account management and are consistent with the skill's stated purpose.
  • [DATA_EXFILTRATION]: While the skill reads sensitive account information like balances and positions, this data is intended for the user's awareness. The skill explicitly instructs the agent to never accept credentials in chat and to use secure configuration methods.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data returned from the OKX API (e.g., transaction bills or currency names). 1. Ingestion points: Data from OKX API via okx account commands. 2. Boundary markers: Not explicitly defined in instructions. 3. Capability inventory: Execution of okx CLI commands. 4. Sanitization: Relies on standard platform processing of tool outputs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:43 PM
Security Audit — agent-trust-hub — okx-cex-portfolio