upbit

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the user to install an external dependency from the NPM registry to function.
      • Evidence: Instructions in references/setup.md mandate running npm install -g @upbit-official/upbit-cli.
  • [COMMAND_EXECUTION]: The core functionality of the skill is based on executing shell commands through the upbit CLI binary.
      • Evidence: Numerous command examples throughout SKILL.md and reference files, such as upbit accounts list and upbit orders create.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the external Upbit REST API.
      • Ingestion points: Market data, order books, and account history retrieved from the Upbit API via CLI commands.
      • Boundary markers: Absent; the skill does not use specific delimiters or instructions to treat the API output as untrusted data when explaining it to the user.
      • Capability inventory: Includes high-impact operations such as orders create and withdraws create-withdrawal.
      • Sanitization: Absent; the agent is instructed to directly interpret and translate field names from the raw CLI output.
  • [DATA_EXFILTRATION]: The skill performs a network request to a third-party service to retrieve the user's public IP address during setup.
      • Evidence: curl -s https://api.ipify.org in references/setup.md. Note: api.ipify.org is recognized as a well-known utility service.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 06:02 AM
Security Audit — agent-trust-hub — upbit