okx-sentiment-tracker
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from external news sources and web search results.
- Ingestion points: External news content is fetched through multiple
okx newscommands (latest, search, by-coin) as described inSKILL.md, and thereferences/workflows.mdfile suggests using web searches for additional context. - Boundary markers: There are no instructions for the agent to use delimiters or ignore potential commands embedded within the external news data.
- Capability inventory: The skill provides access to a variety of
okxCLI tools for news, market data, and account management, which could be targeted by an injection attack. - Sanitization: No sanitization or validation of the fetched external content is performed before it is integrated into the agent's context.
- [COMMAND_EXECUTION]: The documentation encourages a practice that could lead to credential exposure in terminal history.
- Evidence:
SKILL.mdprovides an example commandokx config add-profile AK=<key> SK=<secret> PP=<passphrase> name=livefor setting up API credentials. - Risk: Entering secrets directly into CLI arguments often results in those secrets being recorded in cleartext within shell history files (e.g.,
.bash_history). - [EXTERNAL_DOWNLOADS]: The skill requires the installation of a CLI tool from an external package registry.
- Evidence: The installation instructions in
SKILL.mdspecify runningnpm install -g @okx_ai/okx-trade-cli@1.3.3. - Context: The package is part of the vendor's official
@okx_aiscope on NPM.
Audit Metadata