okx-mcp-skill

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains a hardcoded API key d573a84c-8e79-4a35-b0c6-427e9ad2478d in SKILL.md and usage-patterns.md. While labeled as a trial key, hardcoding credentials in instruction files is a security risk.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of local commands using the uxc tool to perform blockchain operations such as market data retrieval and wallet management.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection.
      • Ingestion points: Untrusted data enters the agent context through parameters like address, tokenContractAddress, and search in usage-patterns.md.
      • Boundary markers: No explicit delimiters are used to isolate user-provided data from the command structure.
      • Capability inventory: The skill can execute high-impact financial operations including token swaps and contract approvals via uxc.
      • Sanitization: No validation or filtering mechanisms are present to prevent malicious data from manipulating command execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 9, 2026, 05:42 AM