vip-loan
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize shell commands, specifically `curl` for interacting with API endpoints and `openssl` for performing cryptographic signing (HMAC SHA256, RSA, Ed25519) of request payloads.
- [CREDENTIALS_UNSAFE]: The skill is designed to handle sensitive Binance API keys and secrets. It provides explicit directions for storing these credentials in a `TOOLS.md` file and mandates that the agent mask these secrets (displaying only partial strings) during any interaction with the user.
- [DATA_EXFILTRATION]: Authenticated data and transaction requests are transmitted to Binance's official API endpoints (`api.binance.com`). This behavior is consistent with the skill's stated purpose of managing financial assets on a well-known service.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting credentials from user-provided files.
  - Ingestion points: User-supplied text files containing API keys and secrets as described in `SKILL.md`.
  - Boundary markers: Includes a manual safety gate requiring the user to type "CONFIRM" before any mainnet transaction is executed.
  - Capability inventory: Employs network communication (`curl`), cryptographic signing (`openssl`), and file system writes (`TOOLS.md`).
  - Sanitization: Implements mandatory masking logic for secret keys and provides guidance on IP whitelisting and restricted API permissions in the documentation.
Audit Metadata