derivatives-trading-coin-futures
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill processes Binance API keys and secrets for authentication with official Binance endpoints (dapi.binance.com and testnet.binancefuture.com). It implements masking for credential display and uses vendor-appropriate domains.- [COMMAND_EXECUTION]: Utilizes standard system utilities, including curl and openssl, to handle request signing and communication with the Binance API.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from external API responses while possessing significant write capabilities.
- Ingestion points: API response bodies from Binance endpoints as specified in SKILL.md.
- Boundary markers: Explicitly requests results in JSON format to help delimit data from instructions.
- Capability inventory: Extensive permissions including order placement, modification, and cancellation (POST/PUT/DELETE) across several scripts.
- Sanitization: Implements a critical safety check requiring the user to type "CONFIRM" before executing any transactions in a mainnet environment.
Audit Metadata