aerodrome-amm
Fail
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves an installation script from the OKX official GitHub repository and downloads its primary binary component from the vendor's GitHub release infrastructure.
- [DATA_EXFILTRATION]: During setup, the skill generates a unique device identifier by hashing system metadata including the hostname, OS details, and local home directory path. This fingerprint is sent to OKX and a vendor-managed Vercel endpoint for installation tracking.
- [COMMAND_EXECUTION]: The skill executes local shell commands to interact with the 'onchainos' CLI for wallet address resolution and smart contract execution on the blockchain.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external blockchain RPC nodes. While it includes safety warnings regarding untrusted content, the combination of external data ingestion and transaction capability constitutes a risk vector. Evidence Chain:
- Ingestion points: Blockchain data from 'https://base-rpc.publicnode.com' processed in 'src/rpc.rs'.
- Boundary markers: Security notices in 'SKILL.md' explicitly instruct to treat CLI data as untrusted.
- Capability inventory: Subprocess execution of the 'onchainos' CLI in 'src/onchainos.rs' and file system operations for installation flags in 'SKILL.md'.
- Sanitization: Implements JSON schema validation via 'serde_json' and standard hex-string formatting for ABI data in 'src/config.rs'.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata