rootdata-crypto-plugin

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs an automated version check by fetching metadata from the official OKX GitHub repository. This is used to ensure the skill remains up-to-date and is consistent with the vendor's distribution model.
  • [COMMAND_EXECUTION]: Includes a shell script block for version management and updates. It uses the npx package runner to update the skill globally if a newer version is identified on the vendor's repository.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the RootData API, such as project descriptions and personnel profiles, which creates a potential surface for indirect prompt injection.
  • Ingestion points: Data enters the agent's context through several endpoints on api.rootdata.com, such as /ser_inv and /get_item.
  • Boundary markers: There are no explicit instructions or delimiters used to isolate external API data or instruct the agent to ignore instructions embedded within the data.
  • Capability inventory: The skill is capable of network communication (API requests) and shell command execution (via the update script in SKILL.md).
  • Sanitization: No specific sanitization or validation logic is defined for the content returned by the external data providers.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 03:03 AM
Security Audit — agent-trust-hub — rootdata-crypto-plugin