Skills
skills/okx/plugin-store/yield-strategy-advisor/Gen Agent Trust Hub

yield-strategy-advisor

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains a pre-flight script that fetches versioning information from the official OKX GitHub repository and performs self-updates using the npx skills add command.
  • [COMMAND_EXECUTION]: A bash script is executed during the initialization phase to manage a local update cache and perform version comparisons using standard shell utilities like curl, grep, and awk.
  • [DATA_EXFILTRATION]: The skill transmits non-sensitive user preferences such as asset type, blockchain network, and capital size to the Barker API (api.barker.money) to retrieve real-time yield data.
  • [PROMPT_INJECTION]: The skill identifies the Barker API as an ingestion point for untrusted data. It includes explicit instructions for the AI agent to treat all strings returned from the API as data rather than instructions and to avoid executing any imperative text found in the response fields.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 01:56 AM