crypto-trading-advisor
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The README recommends installation via npx @0xrikt/crypto-trading-advisor. This command downloads and executes a Node.js script published by an untrusted third-party author. The script is currently minimal, but the npx execution model runs whatever version of the package is published at the moment the command is typed, so it allows arbitrary remote code execution on the user's machine with the user's privileges.
- EXTERNAL_DOWNLOADS (MEDIUM): The Node.js script bin/index.js fetches the actual SKILL.md content from a remote GitHub URL at runtime. Because the instructions are loaded dynamically, the skill's behavior can be changed by editing the remote file, with no corresponding update to the local package and no new version for a static review to catch; what was reviewed in the package is not necessarily what the agent ends up running.
- COMMAND_EXECUTION (MEDIUM): The bundled script performs network requests and writes files to the local disk (fs.writeFileSync). These capabilities are used here for installation, but they become a security risk if the remote download source were compromised: the script would write whatever that source returned to the user's disk.
- Indirect Prompt Injection (LOW):
  1. Ingestion points: various external cryptocurrency data and sentiment websites (e.g., CoinGlass, DefiLlama, Arkham), as listed in the SKILL.md data tables.
  2. Boundary markers: absent. Nothing instructs the agent to treat fetched data differently from its own instructions.
  3. Capability inventory: trading advice and market data retrieval.
  4. Sanitization: none. The agent is encouraged to use and interpret data from these external sites directly in its responses, so content served by any of those sites reaches the model unmarked.
Audit Metadata