opentrade-portfolio

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill implements a piped shell execution pattern to download and run an installer from the vendor's repository (https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh). This is used for both initial setup and periodic updates of the 'opentrade' CLI.
  • [COMMAND_EXECUTION]: The agent executes local shell commands such as 'which', 'cat', and 'date' to manage the CLI environment and track update timestamps in the local filesystem.
  • [PROMPT_INJECTION]: The skill's primary function involves processing external blockchain data, which creates a surface for indirect prompt injection via malicious token metadata.
    1. Ingestion points: Wallet token holdings and symbols returned by the 'opentrade portfolio' CLI commands.
    2. Boundary markers: The instructions do not define specific delimiters to encapsulate or isolate the CLI output from the rest of the agent prompt.
    3. Capability inventory: The skill utilizes subprocess execution and network-enabled CLI tools.
    4. Sanitization: No evidence of data sanitization or escaping is present for the strings returned from the blockchain queries.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 19, 2026, 04:06 AM