bybit-trader
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill ingests untrusted data from an external API which could theoretically contain malicious instructions.
- Ingestion points: Market data (tickers, orderbooks) and account information (positions, transaction logs) retrieved from Bybit V5 API endpoints.
- Boundary markers: Absent. The skill provides data to the agent in cleartext or formatted tables without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: Significant trade execution capabilities, including order creation (
/v5/order/create), order modification, and leverage adjustment. - Sanitization: API responses are parsed via Python for display, but no string-level sanitization is performed to neutralize potential prompt injection attacks contained within API fields like symbol names or error messages.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes
curlandopensslfor its core functionality of interacting with the exchange API. These operations are restricted to authorized Bybit domains and are necessary for the skill's stated purpose. - [DATA_EXFILTRATION] (SAFE): API credentials are used exclusively to generate signatures and are transmitted only to the official Bybit API endpoints via standard headers. No evidence of exfiltration to third-party domains was detected.
Audit Metadata