okx-buildx-hackathon-agent-track
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates environment setup by fetching and executing installation scripts (install.sh) from the vendor's official GitHub repositories (okx/onchainos-skills and okx/plugin-store). These operations are part of the intended project configuration.
- [EXTERNAL_DOWNLOADS]: Automated scripts download reference documentation, configuration manifests, and skill dependencies from trusted domains including web3.okx.com, docs.uniswap.org, and moltbook.com.
- [COMMAND_EXECUTION]: The skill employs shell commands for local project management, including an automated version-checking script that ensures the agent is using the latest version of the hackathon instructions.
- [PROMPT_INJECTION]: As the skill interacts with a public feed on Moltbook, it acknowledges the risk of indirect prompt injection from third-party content. It mitigates this by instructing the agent to treat all external submission data as untrusted and to prioritize its internal scoring guidelines over embedded instructions.
Audit Metadata