okx-sentiment-tracker

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from external news sources and web search results.
  • Ingestion points: External news content is fetched through multiple okx news commands (latest, search, by-coin) as described in SKILL.md, and the references/workflows.md file suggests using web searches for additional context.
  • Boundary markers: There are no instructions for the agent to use delimiters or ignore potential commands embedded within the external news data.
  • Capability inventory: The skill provides access to a variety of okx CLI tools for news, market data, and account management, which could be targeted by an injection attack.
  • Sanitization: No sanitization or validation of the fetched external content is performed before it is integrated into the agent's context.
  • [COMMAND_EXECUTION]: The documentation encourages a practice that could lead to credential exposure in terminal history.
  • Evidence: SKILL.md provides an example command okx config add-profile AK=<key> SK=<secret> PP=<passphrase> name=live for setting up API credentials.
  • Risk: Entering secrets directly into CLI arguments often results in those secrets being recorded in cleartext within shell history files (e.g., .bash_history).
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a CLI tool from an external package registry.
  • Evidence: The installation instructions in SKILL.md specify running npm install -g @okx_ai/okx-trade-cli@1.3.3.
  • Context: The package is part of the vendor's official @okx_ai scope on NPM.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:43 PM
Security Audit — agent-trust-hub — okx-sentiment-tracker