bingx-standard-trade
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements read-only functionality for querying BingX exchange data. Analysis of the code and documentation shows it adheres to the intended purpose without attempting unauthorized actions.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to 'open-api.bingx.com' and 'open-api.bingx.pro'. These are official domains associated with the BingX exchange, consistent with the skill's primary function and the author's identity.
- [COMMAND_EXECUTION]: The provided TypeScript code uses standard libraries (crypto, fetch) for authenticated API communication. It does not execute arbitrary shell commands or perform dangerous system-level operations.
- [CREDENTIALS_UNSAFE]: The skill correctly requires API credentials (apiKey, secretKey) to be provided at runtime for authentication. It does not contain hardcoded secrets or attempt to exfiltrate credentials to unauthorized third parties.
- [PROMPT_INJECTION]: The 'Agent Interaction Rules' provide clear, benign instructions for managing user queries and presenting data. No patterns attempting to bypass safety filters or override system instructions were found.
- [DATA_EXFILTRATION]: While the skill accesses sensitive financial information (balances, positions), this is the primary functionality requested by the user. There is no evidence of data being sent to any destination other than the user or the official BingX API endpoints.
Audit Metadata