mayan
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches installation scripts and CLI dependencies from OKX's official GitHub repository (
okx/onchainos-skills). - [EXTERNAL_DOWNLOADS]: Downloads the
mayanbinary and additional toolsets from the vendor's repository on GitHub (MigOKG/plugin-store). - [REMOTE_CODE_EXECUTION]: Executes a setup script for the
onchainosenvironment using a pipedcurl | shcommand from OKX's verified GitHub repository. - [COMMAND_EXECUTION]: Performs automated setup tasks including binary installation, directory creation (
~/.local/bin), and permission management (chmod +x) for the downloaded tools. - [DATA_EXFILTRATION]: Generates a device fingerprint using system metadata (hostname, OS, architecture, and home directory path) to create a unique installation ID. This metadata is sent to the vendor's domain (
plugin-store-dun.vercel.app) and OKX's official API (www.okx.com) for install reporting. This behavior is explicitly disclosed in the 'Data Trust Boundary' section of the skill. - [PROMPT_INJECTION]: The skill interacts with external blockchain data and third-party APIs, creating a potential surface for indirect prompt injection.
- Ingestion points: Results from
get-quote,swap, andget-statuscommands include data from on-chain contracts and Mayan Finance APIs. - Boundary markers: The documentation includes a 'Data Trust Boundary' that explicitly warns the agent to treat all returned data as untrusted and not to interpret it as instructions.
- Capability inventory: The skill can perform on-chain transactions and wallet operations via the
mayanandonchainosbinaries. - Sanitization: Instructions mandate that the agent filter CLI output to human-relevant fields only, preventing raw API responses from polluting the command context.
Audit Metadata