hummingbot-deploy
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and runs setup and verification scripts from the official hummingbot repository using bash process substitution. Evidence: Scripts are retrieved from
https://raw.githubusercontent.com/hummingbot/skills/main/skills/hummingbot-deploy/scripts/. - [EXTERNAL_DOWNLOADS]: Downloads project source code from the official Hummingbot API and Condor repositories on GitHub. Evidence: Clones repositories from
https://github.com/hummingbot/. - [COMMAND_EXECUTION]: Uses system commands and Docker to configure and manage the trading environment. Evidence: Executes
docker pull,docker compose,make setup, andsedfor environment configuration. - [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection via unsanitized user inputs.
- Ingestion points: User-provided
<USERNAME>and<PASSWORD>parameters are passed directly to a shell script inSKILL.md. - Boundary markers: Absent. No delimiters are used to wrap the user-provided data.
- Capability inventory: Includes shell script execution, Docker container management, and file system modifications.
- Sanitization: Absent. User inputs are not validated or escaped before being interpolated into shell commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/hummingbot/skills/main/skills/hummingbot-deploy/scripts/install_mcp.sh, https://raw.githubusercontent.com/hummingbot/skills/main/skills/hummingbot-deploy/scripts/check_env.sh - DO NOT USE without thorough review
Audit Metadata