opentrade-dex-swap
Fail
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions mandate the execution of a remote shell script using the `curl | sh` pattern from https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh. This occurs during installation, updates, and error handling, allowing for unverified arbitrary command execution on the system.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands including `which`, `cat`, `date`, and the custom `opentrade` CLI. This creates a significant surface for command execution risks.
- [PROMPT_INJECTION]: The skill ingests and processes structured JSON data from external tool outputs, which constitutes an attack surface for indirect prompt injection.
  • Ingestion points: Output from `opentrade trade routers`, `opentrade swap liquidity`, and `opentrade swap quote`.
  • Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands in the tool output.
  • Capability inventory: Subprocess execution of `curl`, `sh`, and `opentrade` CLI tools.
  • Sanitization: Absent. The skill does not define validation or escaping logic for the ingested external data.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata