bingx-coinm-market
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves cryptocurrency market data from official BingX API domains (open-api.bingx.com, open-api.bingx.pro). These are well-known services associated with the skill's stated purpose and represent legitimate data sources.\n- [COMMAND_EXECUTION]: Network requests are performed using the standard fetch API within a TypeScript helper. The implementation includes appropriate timeout handling and error checking, ensuring the operations remain within expected bounds.\n- [PROMPT_INJECTION]: The skill includes defensive instructions for the agent to validate user-supplied parameters against documented patterns and to reject potentially harmful characters (e.g., &, =, ?, #, or newlines), reducing the risk of injection.\n
- Ingestion points: Market data responses from the BingX API endpoints are processed as structured JSON.\n
- Boundary markers: Instructions suggest extracting structured values from user intent rather than copying raw text, maintaining a clear separation between data and logic.\n
- Capability inventory: The skill is restricted to HTTP GET requests for market data retrieval; it possesses no administrative, file-writing, or system-level execution capabilities.\n
- Sanitization: Input validation rules for symbols and intervals are explicitly defined and enforced in SKILL.md.
Audit Metadata