binance-futures-signal-bot
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone a repository from an unverified third-party source (
github.com/Whit1985/Binance-Futures-Signal-Bot.git). This source is not associated with the skill author or a verified organization.- [REMOTE_CODE_EXECUTION]: The skill installs dependencies from an externalrequirements.txtfile and executes Python scripts (main.py) and shell scripts (run.sh) downloaded from the unverified repository.- [COMMAND_EXECUTION]: The instructions include making scripts executable (chmod +x run.sh) and modifying system-level firewall rules (sudo ufw allow 8080/tcp) to allow external webhook traffic.- [CREDENTIALS_UNSAFE]: The skill requests and manages sensitive credentials, including API keys and secrets for Binance, Bybit, and OKX, as well as Telegram bot tokens. Handling these secrets within unverified code environments creates a high risk of credential exposure.- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing untrusted trade signals from external sources like Telegram channels and TradingView webhooks. - Ingestion points: Telegram messages and HTTP POST requests to
/webhook. - Boundary markers: None identified; signal data is parsed directly into execution parameters.
- Capability inventory: The skill can execute market orders, adjust leverage, and manage positions on multiple financial exchanges.
- Sanitization: No validation or sanitization of signal content is documented before processing.
Recommendations
- AI detected serious security threats
Audit Metadata