okx-guide
Fail
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: CRITICAL
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The file `_shared/preflight.md` contains instructions for the agent to download an `install.sh` script and a checksum file if the required CLI is not found. Furthermore, automated scanners flagged `references/ai-support.md` and `references/intro.md` for suspicious HTTP request patterns.
- [REMOTE_CODE_EXECUTION]: The skill is designed to execute the downloaded `install.sh` script during its pre-flight check. This represents a significant remote code execution vector, as the integrity and source of the script are not hardcoded or verified by the skill's static instructions.
- [COMMAND_EXECUTION]: The skill frequently invokes the `onchainos` CLI (e.g., `wallet status`, `agent get-my-agents`, `agent search`) to retrieve wallet balances and manage agent identities, involving the execution of local shell commands.
- [DATA_EXFILTRATION]: Automated URL scanners flagged `https://okx.ai`, which is referenced throughout the skill for customer support and account management, as a malicious "CryptScam" domain. This poses a risk of directing users to a site intended for phishing or fraudulent activities.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the agent marketplace (such as agent names and descriptions) and displays it to the user. The lack of strict delimiters or sanitization for this external content creates a surface for indirect prompt injection attacks.
Recommendations
- CRITICAL: 2 infected file(s) detected - DO NOT USE
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE