okx-a2a-payment

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary functionality is achieved by executing shell commands using the onchainos CLI tool. It provides templates for commands such as onchainos payment a2a-pay create and onchainos payment a2a-pay pay, which incorporate user-supplied parameters like amount, symbol, and paymentId. This represents a command injection surface if the executing agent does not perform adequate input sanitization.
  • [PROMPT_INJECTION]: The skill contains logic for disambiguating user intents (e.g., 'request-invoice' vs 'payment-receipt') to manage the payment lifecycle correctly and prevent execution loops. These instructions are designed to maintain the integrity of the transaction workflow.
  • [SAFE]: No malicious behaviors, obfuscation, or unauthorized data access patterns were detected. The skill's operations are consistent with its stated purpose of facilitating payments using the vendor's specialized CLI, and it explicitly documents the trust delegation involved in the buyer-side signing process.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 11:52 AM