spot
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages sensitive Binance API keys and instructs the agent to store them in a local plain text file named
TOOLS.md. It also directs the agent to read secrets from user-provided files. - [COMMAND_EXECUTION]: The skill documentation provides examples of shell commands using
opensslfor signing transactions andcurlfor API communication, which the agent is expected to execute. - [DATA_EXFILTRATION]: The skill initiates network requests to Binance's official API endpoints for account management and trading operations.
- [PROMPT_INJECTION]: The skill includes behavioral instructions for secret masking and transaction confirmation. It also contains misleading metadata claiming "Binance" as the author, whereas the actual vendor is "akasuv".
Audit Metadata