use-ritmex-bot
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands that interact with cryptocurrency exchanges.
- Evidence: Commands such as
ritmex-bot order create,ritmex-bot order cancel-all, andritmex-bot strategy runare used to perform high-stakes financial operations. - [EXTERNAL_DOWNLOADS]: The skill utilizes package runners to obtain the necessary tools from remote registries at runtime.
- Evidence: The instructions recommend using
npx ritmex-botandbunx ritmex-bot, which download packages from the npm or Bun registries. - [REMOTE_CODE_EXECUTION]: Code fetched from external registries is executed immediately within the agent's environment.
- Evidence: The use of
npxandbunxleads to the execution of code that is not part of the skill's static distribution. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it parses data originating from external cryptocurrency exchanges.
- Ingestion points: JSON output generated by
ritmex-bot(sourced from exchange API responses) is parsed by the agent. - Boundary markers: There are no explicit markers or instructions provided to the agent to treat the CLI output as untrusted or to ignore embedded instructions.
- Capability inventory: The agent has access to sensitive capabilities, including order creation and strategy execution.
- Sanitization: The skill does not define any sanitization or validation logic for the data received from external sources before it is processed by the agent.
Audit Metadata