okx-provider-broker

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill facilitates the ingestion of external data that could contain malicious instructions intended to manipulate the agent's behavior.
  • Ingestion points: Market data (tickers, trades), account data (bills, fills), and especially error messages (msg field) defined in references/okx-error-map.md and references/okx-sdk-usage.md.
  • Boundary markers: There are no explicit instructions or delimiters defined to treat API-returned strings as untrusted data or to ignore instructions embedded within them.
  • Capability inventory: The skill provides methods for full trade execution, including submitOrder, cancelOrder, and setLeverage as seen in references/okx-sdk-usage.md.
  • Sanitization: No sanitization or validation logic is prescribed for strings returned by the OKX API before they are presented to the agent's reasoning context.
  • [Data Exposure] (LOW): The skill instructions in SKILL.md explicitly require the use of sensitive credentials (API key, secret, and passphrase). While no hardcoded secrets are present, the handling of these high-value credentials by the agent creates an inherent exposure risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:32 PM