Skills
skills/okx/agent-skills/okx-cex-skill-mp/Gen Agent Trust Hub

okx-cex-skill-mp

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the okx CLI tool to perform various marketplace operations, including searching for skills, listing categories, and managing local installations.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @okx_ai/okx-trade-cli package from the npm registry and downloads zip-compressed skill packages from the OKX marketplace API during the installation process.
  • [REMOTE_CODE_EXECUTION]: The okx skill add command is designed to download and automatically install modular AI skills (sets of instructions and potentially supporting files) from a remote marketplace into the local agent's environment.
  • [PROMPT_INJECTION]: As the skill ingests and displays data from an external marketplace (such as skill descriptions and metadata), it possesses an attack surface for indirect prompt injection. The documentation notes that the CLI performs a validation step (checking for metadata and the presence of SKILL.md) to mitigate basic risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 07:00 AM