Skills
skills/xiaowen-0725/openydt-cli/openydt-coupon/Gen Agent Trust Hub

openydt-coupon

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the openydt CLI binary to perform all its operations, including creating, modifying, and deleting merchant and coupon data. All write operations require a --yes flag as a safety confirmation mechanism.
  • [CREDENTIALS_UNSAFE]: The validate-trader-account-and-password command accepts a --trader-password parameter in cleartext. While this is standard for the documented administrative functionality, handling passwords in CLI arguments is a sensitive operation.
  • [DATA_EXFILTRATION]: The lock-coupon command accepts a --url parameter. Depending on the implementation of the openydt binary, this could lead to outbound network requests, which is an expected part of the described 'coupon locking' workflow but remains a potential vector for external communication.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:16 PM
Security Audit — agent-trust-hub — openydt-coupon