kucoin-openapi-skill
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches a curated OpenAPI specification from the holon-run organization's GitHub repository. This is a trusted vendor source providing configuration data for the API client.
- [COMMAND_EXECUTION]: Utilizes the 'uxc link' command to create a local CLI alias for interacting with the KuCoin API. This is a standard setup procedure for the uxc tool ecosystem.
- [DATA_EXFILTRATION]: Performs legitimate network requests to 'api.kucoin.com' to retrieve market information. No access to sensitive local environment variables or private configuration files was detected.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external market data (symbols, tickers, order books) which enters the agent's context. However, the skill is constrained to read-only operations and does not possess capabilities (like file writing or shell execution) that would make it vulnerable to exploitation through this data.
Audit Metadata