okx
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to download and install additional specialized tools from the official OKX GitHub repository (github.com/okx/onchainos-skills). These downloads are associated with a well-known technology service.
- [COMMAND_EXECUTION]: The skill executes various `onchainos` CLI commands to perform on-chain operations, such as token swaps, balance queries, and security scans.
- [DATA_EXPOSURE]: The skill accesses a local audit log file located at `~/.onchainos/audit.jsonl` to provide debugging information for developers. The documentation indicates that sensitive arguments in these logs are redacted.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from multiple blockchains (token names, holder descriptions, and trading signals) which could potentially contain malicious instructions.
  - Ingestion points: Token metadata, wallet transaction history, and smart money signal metadata fetched via `okx-dex-market`, `okx-dex-token`, and `okx-dex-signal`.
  - Boundary markers: No explicit delimitation or 'ignore instructions' markers are mentioned in the command descriptions.
  - Capability inventory: Subprocess execution for blockchain transactions and file system access for log reading.
  - Sanitization: None described; the skill relies on the underlying platform's handling of external data.