derivatives-trading-options
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill implements security controls appropriate for financial trading operations.
- [DATA_EXFILTRATION]: Network activity is restricted to official Binance domains (eapi.binance.com and testnet.binancefuture.com) for API interactions. No unauthorized data transfer or exfiltration patterns were identified.
- [CREDENTIALS_UNSAFE]: The skill provides explicit instructions for the agent to protect user credentials, including mandatory masking of API keys and secret keys in any visible output, and requiring 'CONFIRM' prompts for real transactions.
- [COMMAND_EXECUTION]: Shell execution (via curl and openssl) is used legitimately for API communication and cryptographic signing of requests, consistent with the vendor's documentation.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests and processes data from external API responses.
- Ingestion points: Data returned from Binance API endpoints (e.g., /eapi/v1/ticker, /eapi/v1/position).
- Boundary markers: None identified in the skill body to delimit API content from agent instructions.
- Capability inventory: Execution of shell commands (curl, openssl) is documented in the authentication reference.
- Sanitization: No explicit validation or filtering of content retrieved from the API is described.
Audit Metadata