opentrade-market
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes a shell script from a remote GitHub repository by piping it directly to the shell during installation, updates, and error recovery (SKILL.md). This allows arbitrary code execution from a source flagged as untrusted by automated scanners.
- [COMMAND_EXECUTION]: The skill uses shell commands to verify the installation of the CLI, read local configuration files for update timestamps, and execute the market data CLI tool (SKILL.md).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: External API data from market signals and meme token lists fetched via the opentrade CLI. Boundary markers: None present to delimit untrusted data or warn the agent. Capability inventory: The skill can execute shell commands via the opentrade CLI and bash. Sanitization: No sanitization or validation of external strings is mentioned before they are displayed and incorporated into the conversation context.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata