Skills
skills/bingx-api/api-ai-skills/bingx-agent/Gen Agent Trust Hub

bingx-agent

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses established vendor domains (bingx.com and bingx.pro) for all API communications.
  • [SAFE]: Implements standard HMAC SHA256 signature authentication for all requests, ensuring transaction integrity.
  • [SAFE]: Includes input validation logic within the fetchSigned function that checks for and rejects forbidden characters (&=?#) and newlines to mitigate injection attempts.
  • [DATA_EXFILTRATION]: While the skill retrieves sensitive agent data such as commissions, user UIDs, and KYC status, this information is only shared with authorized vendor endpoints over HTTPS.
  • [PROMPT_INJECTION]: Analysis of indirect injection surface: Ingestion points (API response data from /openApi/agent/* endpoints); Boundary markers (Implicitly managed via structured JSON responses from the server); Capability inventory (Read-only network access via fetch for data retrieval); Sanitization (Strict parameter validation and BigInt JSON parsing).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 02:36 PM