okx-dex-token
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches version metadata and installer scripts from the vendor's GitHub repository (
okx/onchainos-skills) during mandatory pre-flight checks defined in_shared/preflight.md.\n- [REMOTE_CODE_EXECUTION]: Installation scripts (install.shandinstall.ps1) are downloaded and executed via shell or PowerShell to manage theonchainosCLI binary as part of the setup process in_shared/preflight.md.\n- [COMMAND_EXECUTION]: The skill executes variousonchainosCLI commands to perform token discovery, price lookups, and holder cluster analysis.\n- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes and displays untrusted data (token names, symbols, and metadata) sourced from the blockchain.\n - Ingestion points: Token search results and metadata returned by CLI commands and WebSocket streams documented in
SKILL.md.\n - Boundary markers: The skill includes a 'Safety' section in
SKILL.mdexplicitly instructing the agent to treat all CLI output as untrusted external content.\n - Capability inventory: The skill can execute subprocesses via the
onchainosCLI, perform network operations viacurl, and manage real-time WebSocket connections.\n - Sanitization: While the skill provides instructional warnings, there is no evidence of automated data sanitization or escaping for the ingested on-chain strings.
Audit Metadata