okx-agent-task

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The _shared/preflight.md file contains instructions to fetch the latest stable version of the onchainos tool and download installation scripts from https://github.com/okx/onchainos-skills. This is a standard update mechanism for the vendor's tooling.
  • [REMOTE_CODE_EXECUTION]: During the pre-flight environment check, the skill downloads and executes an installation script (install.sh or install.ps1) from the author's official GitHub repository to manage the onchainos binary.
  • [COMMAND_EXECUTION]: The skill's activation logic in SKILL.md involves executing scripts returned by the onchainos agent next-action command. This is the primary mechanism for the agent to perform task-related operations.
  • [SAFE]: The skill contains comprehensive safety guidelines in user-sub-playbook.md and references/evaluator-decision-rubric.md (Dangerous-Instruction Gate and Behavioral constraints). These instructions explicitly forbid the agent from following shell commands, reading local files, or querying sensitive information if they are embedded in untrusted peer messages or task materials, mitigating indirect prompt injection risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 02:38 AM
Security Audit — agent-trust-hub — okx-agent-task