opentrade-portfolio
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute a shell script from a remote URL using a dangerous piped command: `curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh`. This pattern is invoked during the initial setup, every 12 hours for updates, and as a recovery mechanism if a command fails.
- [EXTERNAL_DOWNLOADS]: Fetches executable content from a third-party GitHub repository (`6551Team/openskills`). Although the repository appears to be owned by the skill's author, executing remote scripts without verification is a high-risk behavior.
- [COMMAND_EXECUTION]: The skill performs several local system operations, including checking for executable paths (`which opentrade`), reading local state files (`~/.opentrade/last_check`), and executing the `opentrade` CLI with arguments derived from user input (e.g., wallet addresses).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from external sources (blockchain token metadata and wallet balances) and interpolates this data into the agent's context. There are no defined boundary markers or sanitization steps to prevent malicious instructions embedded in token metadata from influencing agent behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata