p2p
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_&_EXFILTRATION]: The skill interacts exclusively with official Binance domains (binance.com and api.binance.com) for both public market data and authenticated user history.
- [SAFE]: The skill implements strong credential security practices, including mandatory masking of API and Secret keys in output and instructions to store secrets in environment variables with .gitignore protection.
- [SAFE]: No malicious patterns, prompt injections, or obfuscated contents were identified. The version check mechanism and signing processes are standard for the provided Binance P2P services.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from P2P market advertisements and user order history, which constitutes an ingestion surface for untrusted data.
- Ingestion points: Market ad results from /bapi/c2c/v1/public/c2c/agent/ad-list and order history from /sapi/v1/c2c/orderMatch/listUserOrderHistory.
- Boundary markers: None explicitly defined in the provided prompt instructions for segmenting retrieved data.
- Capability inventory: Performs network requests via curl/HTTP to Binance API endpoints.
- Sanitization: No specific sanitization or filtering of the advertisement content (merchant names, descriptions) is specified before being presented to the user.
Audit Metadata