upbit
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to install an external dependency from the NPM registry to function.
- Evidence: Instructions in
references/setup.mdmandate runningnpm install -g @upbit-official/upbit-cli. - [COMMAND_EXECUTION]: The core functionality of the skill is based on executing shell commands through the
upbitCLI binary. - Evidence: Numerous command examples throughout
SKILL.mdand reference files, such asupbit accounts listandupbit orders create. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the external Upbit REST API.
- Ingestion points: Market data, order books, and account history retrieved from the Upbit API via CLI commands.
- Boundary markers: Absent; the skill does not use specific delimiters or instructions to treat the API output as untrusted data when explaining it to the user.
- Capability inventory: Includes high-impact operations such as
orders createandwithdraws create-withdrawal. - Sanitization: Absent; the agent is instructed to directly interpret and translate field names from the raw CLI output.
- [DATA_EXFILTRATION]: The skill performs a network request to a third-party service to retrieve the user's public IP address during setup.
- Evidence:
curl -s https://api.ipify.orginreferences/setup.md. Note:api.ipify.orgis recognized as a well-known utility service.
Audit Metadata