okx-cex-skill-mp
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads and installs the vendor's official CLI tool '@okx_ai/okx-trade-cli' from the npm registry.- [COMMAND_EXECUTION]: Executes various shell commands via the 'okx' CLI to search for, download, list, and remove marketplace skills.- [REMOTE_CODE_EXECUTION]: The 'okx skill add' command downloads zip packages from the marketplace and runs 'npx skills add' to install them. The skill documentation explicitly warns users that third-party skills run locally with the agent's full permissions and should be reviewed before use.- [PROMPT_INJECTION]: Ingests and displays untrusted data from an external marketplace (Ingestion point: marketplace API results and third-party SKILL.md files; Capability inventory: command execution via okx CLI and npx; Sanitization: basic validation of package structure and metadata; Boundary markers: none specified).
Audit Metadata