convert
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill manages Binance API and Secret keys. It includes defensive guidelines to prevent exfiltration, such as prohibiting the transmission of keys to non-Binance domains and requiring secrets to be masked when displayed to users.
- [COMMAND_EXECUTION]: The documentation includes implementation examples for cryptographic signing using the
opensslutility and performing API requests viacurl. - [CREDENTIALS_UNSAFE]: The workflow describes storing API credentials in a local file. Although the skill provides instructions for the agent to protect these values, storing secrets in text files is an inherent risk.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. (1) Ingestion points: User-provided credential files and conversion parameters in SKILL.md. (2) Boundary markers: Instructions specify data formats for credentials. (3) Capability inventory: Network requests via curl and signing via openssl in references/authentication.md. (4) Sanitization: Mandatory masking of secrets and user confirmation for mainnet transactions.
Audit Metadata