okx-dapp-discovery
Fail
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically installs and executes code from the 'okx/plugin-store' repository on GitHub at runtime using the 'npx skills add' command based on user input.
- [COMMAND_EXECUTION]: Implements a shell pipeline that retrieves data from a remote GitHub API via 'curl' and pipes it directly into a 'python3' one-liner that parses it.
- [COMMAND_EXECUTION]: Executes shell commands including 'npx', 'grep', 'curl', and 'python3'. It also contains instructions for the agent to use 'chmod' and binary launchers during the setup of third-party plugins.
- [EXTERNAL_DOWNLOADS]: Fetches plugin catalog listings and setup configurations from the GitHub API and 'raw.githubusercontent.com' over the network.
- [PROMPT_INJECTION]: Indirect prompt injection surface detected.
  - Ingestion points: Retrieves the plugin catalog from a remote API and reads external 'SKILL.md' files from installed plugins.
  - Boundary markers: Absent; the skill lacks delimiters to separate user input from the instructions fetched from the remote store.
  - Capability inventory: Subprocess execution ('npx', 'curl', 'python3'), environment modification ('npx skills add'), and file reading from the local filesystem.
  - Sanitization: Performs basic normalization of user-provided strings using the 'tr' command to prevent basic command injection in plugin naming.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.github.com/repos/okx/plugin-store/contents/skills - DO NOT USE without thorough review