binance-futures
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONNO_CODECOMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill mandates the use of BINANCE_API_KEY and BINANCE_API_SECRET, which are highly sensitive secrets providing control over financial assets.
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted market data and query strings through commands like /bf markets [query]. Because it has write capabilities (executing trades, setting leverage), this presents a high-risk surface where malicious external data could influence trading decisions.
- [Unverifiable Dependencies] (MEDIUM): As no code is provided, the external libraries used for Binance connectivity and database management cannot be audited.
- [Privilege Escalation] (HIGH): The skill allows for 125x leverage and significant account modifications (closing all positions), which represents a high-impact capability set.
Recommendations
- AI detected serious security threats
Audit Metadata