Skills
skills/okx/plugin-store/rootdata-crypto-plugin/Gen Agent Trust Hub

rootdata-crypto-plugin

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill incorporates a pre-flight bash script in SKILL.md used for session maintenance. This script utilizes standard shell utilities such as curl, stat, date, and awk to manage update caching and verify the local version against the remote repository.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated version checks by fetching a manifest from the okx organization's GitHub repository. If a new version is detected, it invokes npx to update the skill globally from the same source infrastructure.
  • [PROMPT_INJECTION]: The skill acts as a data-ingestion surface, processing responses from api.rootdata.com that include entity descriptions and job change details. While these inputs lack explicit boundary markers or sanitization logic, the vulnerability is limited to indirect prompt injection which is a standard characteristic of data-retrieval skills.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 07:02 AM