opentrade-dex-swap
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions direct the agent to download and execute a shell script from a remote URL (https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh) using
curl | shif the tool is not found, needs updating, or encounters an error. This pattern allows the execution of code hosted on a remote server.\n- [COMMAND_EXECUTION]: The skill performs multiple local command executions, includingwhichfor dependency verification,dateandcatfor managing update intervals, and several calls to theopentradeCLI tool to perform quote and swap operations.\n- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and version-check configuration from the developer's GitHub repository (github.com/6551Team).\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes the output of external CLI commands to determine transaction parameters.\n - Ingestion points: JSON responses from
opentrade trade routersandopentrade swap quote.\n - Boundary markers: The skill expects specific JSON schemas but does not define explicit sanitization for the content of those fields.\n
- Capability inventory: The skill can generate and approve blockchain transaction data, which is then broadcast to the network.\n
- Sanitization: No explicit sanitization or validation of the CLI tool's output is mentioned before using the data in subsequent commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh - DO NOT USE without thorough review
Audit Metadata