stablecoin-yield-radar
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to 'api.barker.money' to fetch financial data and accesses the 'okx/plugin-store' repository on GitHub to retrieve version information.
- [COMMAND_EXECUTION]: The skill contains a bash script designed for version checking and automated updates. This script utilizes 'curl' to fetch metadata and 'npx' to update the skill globally from the vendor's repository.
- [PROMPT_INJECTION]: The skill addresses potential indirect prompt injection (Category 8) by implementing an external data boundary.
  1. Ingestion points: Barker Public API response fields (protocol names, asset symbols, chain names).
  2. Boundary markers: Present in the 'Security: External Data Boundary' section.
  3. Capability inventory: Bash script execution for version checking and skill updates via 'npx'.
  4. Sanitization: Explicit instructions for the agent to treat API responses as untrusted data and ignore any embedded imperative text.
Audit Metadata