bingx-fund-account
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides clear instructions and code for interacting with the official BingX API. No malicious patterns or security risks were identified.
- [COMMAND_EXECUTION]: The skill includes a TypeScript implementation (
fetchSigned) designed to perform authenticated HTTP requests using thefetchAPI. These operations target established, well-known domains (open-api.bingx.com,open-api.bingx.pro) for the BingX exchange. - [DATA_EXFILTRATION]: While the skill manages API keys and secrets for request signing, it follows best practices by performing all authentication locally. It includes a
validateParamsutility that uses a regular expression (/[&=?#\r\n]/) to sanitize user-provided data, preventing unauthorized modification of the signed request structure. - [PROMPT_INJECTION]: The 'Agent Interaction Rules' contain explicit safety instructions requiring the agent to extract structured values from user intent and validate them against strict enums and regex patterns rather than passing raw user text to the API. This effectively mitigates standard injection risks.
Audit Metadata