rootdata-crypto-plugin
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs an automated version check by fetching metadata from the official OKX GitHub repository. This is used to ensure the skill remains up-to-date and is consistent with the vendor's distribution model.
- [COMMAND_EXECUTION]: Includes a shell script block for version management and updates. It uses the
npxpackage runner to update the skill globally if a newer version is identified on the vendor's repository. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the RootData API, such as project descriptions and personnel profiles, which creates a potential surface for indirect prompt injection.
- Ingestion points: Data enters the agent's context through several endpoints on
api.rootdata.com, such as/ser_invand/get_item. - Boundary markers: There are no explicit instructions or delimiters used to isolate external API data or instruct the agent to ignore instructions embedded within the data.
- Capability inventory: The skill is capable of network communication (API requests) and shell command execution (via the update script in SKILL.md).
- Sanitization: No specific sanitization or validation logic is defined for the content returned by the external data providers.
Audit Metadata