opentrade-dex-swap
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill uses the `curl -sSL <URL> | sh` pattern to install and update the `opentrade` CLI tool (file: SKILL.md). This piped shell execution allows for arbitrary remote code execution and is flagged as a high-risk pattern.
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing a custom CLI tool (`opentrade`) on the host system, which is installed via a remote script.
- [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it accepts untrusted data (such as token addresses and amounts) from the user and interpolates them directly into shell commands without visible sanitization or boundary markers.
  - Ingestion points: User-provided swap parameters in SKILL.md.
  - Capability inventory: Execution of custom CLI via shell commands.
  - Sanitization: Absent.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses the local file system at `~/.opentrade/last_check` to read and compare timestamps for its internal update mechanism (file: SKILL.md).
- [TIME_DELAYED_OR_CONDITIONAL_ATTACKS]: The skill uses conditional logic based on a timestamp check (`(now - cached_ts) < 43200`) to gate the execution of the remote installation and update script (file: SKILL.md).
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata