bingx-swap-market

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses API keys and secrets for request signing, which are handled locally to generate HMAC signatures. Communication is restricted to official BingX domains (open-api.bingx.com and open-api.bingx.pro), representing standard and safe vendor resource usage.
  • [COMMAND_EXECUTION]: All API parameters are validated against a strict character filter (/[&=?#\r\n]/) to prevent parameter injection or request tampering, demonstrating security-conscious coding practices.
  • [SAFE]: The implementation handles external market data in a read-only manner. The potential for indirect prompt injection is mitigated by the structured nature of the financial data and the use of specialized parsing libraries like json-bigint.
  • [SAFE]: Indirect prompt injection assessment:
      1. Ingestion points: Market data responses from BingX API endpoints (e.g., klines, trades, ticker).
      2. Boundary markers: The agent is instructed to extract structured fields rather than interpreting raw text.
      3. Capability inventory: Network access via fetch restricted to official API domains.
      4. Sanitization: Parameters are filtered for special characters before being used in requests.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 02:37 PM