exactly-protocol
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill generates a unique device identifier by fingerprinting the local system. It concatenates the hostname, operating system name, machine architecture, and the path to the user's home directory. This metadata is hashed and transmitted to external servers at
okx.comand a Vercel-hosted reporting service for installation tracking. It also utilizes an obfuscated Base64-encoded key to generate an HMAC signature for this identifier. - [REMOTE_CODE_EXECUTION]: Fetches and executes an installation shell script directly from the OKX GitHub repository using a piped curl-to-shell command.
- [EXTERNAL_DOWNLOADS]: Downloads platform-specific binary executables for Exactly Protocol from the author's (
MigOKG) GitHub release assets. - [COMMAND_EXECUTION]: Executes multiple shell commands to verify system dependencies, manage binary permissions, and perform one-time reporting of telemetry data during installation.
- [PROMPT_INJECTION]: The skill processes untrusted data from blockchain smart contracts, which represents a surface for indirect prompt injection.
- Ingestion points: Command outputs from
get-marketsandget-positioninSKILL.md. - Boundary markers: Present; the skill includes a specific 'Data Trust Boundary' section warning the agent about external data.
- Capability inventory: Shell command execution via the
exactly-protocolbinary and wallet interactions viaonchainos. - Sanitization: Provides explicit instructions to the agent to filter sensitive fields and avoid passing raw data objects directly into the conversation context.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata