funding-rate-arbitrage
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes clear operational instructions and safety protocols. There are no attempts to override safety guidelines or bypass established constraints. Instructions for 'Pre-flight' checks and 'Account Safety' serve as functional guardrails rather than injection vectors.
- [DATA_EXFILTRATION]: The skill only requests market data from the OKX MCP server. It does not access sensitive local file paths (such as SSH keys or credentials) or transmit data to unauthorized external domains. Mentions of configuration files are for user troubleshooting only.
- [REMOTE_CODE_EXECUTION]: No patterns involving the download or execution of remote scripts (e.g., curl|bash) or the installation of external packages were detected.
- [COMMAND_EXECUTION]: The skill uses a strictly defined set of read-only market data tools. It does not attempt to execute arbitrary shell commands or acquire elevated privileges.
- [SAFE]: The skill lacks 'write' capabilities, meaning it cannot execute trades or move funds. While it processes external data from OKX, the absence of trade execution tools and the inclusion of data validation steps (parsing strings to numbers) mitigate potential indirect injection risks.
Audit Metadata