across
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from OKX's official GitHub repository to setup the onchainos CLI dependency.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Generates a device fingerprint by hashing system metadata (hostname, platform, architecture, and home directory path) and transmits it to the vendor's telemetry endpoint and OKX's API.
- [OBFUSCATION]: Uses Base64 encoding to embed an HMAC key used for signing installation reports within the shell script.
- [PRIVILEGE_ESCALATION]: Downloads a binary executable from the author's GitHub repository and modifies its permissions with
chmod +xto allow execution. - [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Across Protocol APIs and on-chain contracts to generate bridge quotes and status updates, which are then used as parameters for wallet transactions.
- Ingestion points: External API endpoints for fee estimation and route discovery.
- Boundary markers: Includes a Data Trust Boundary section advising the agent to treat CLI output as untrusted content.
- Capability inventory: Performs sensitive on-chain operations using the
onchainosCLI. - Sanitization: Requires explicit user confirmation for all transaction details before execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata