Skills
skills/okx/onchainos-skills/okx-growth-competition/Gen Agent Trust Hub

okx-growth-competition

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill includes a hardcoded project identifier (OK-ACCESS-PROJECT: 4d156bf0c61130f2692d097ecb68dbe4) within the references/cli-reference.md file, which is used as a header for authenticating requests to the vendor's API.
  • [INDIRECT_PROMPT_INJECTION]: The skill retrieves and displays data from external APIs that could potentially contain malicious instructions intended to influence the agent's behavior.
  • Ingestion points: Data is ingested through the onchainos competition list, onchainos competition detail, and onchainos competition rank commands.
  • Boundary markers: The skill uses strict formatting templates and markers like <MUST> and <NEVER> for the agent, but it does not implement specific delimiters or 'ignore' instructions for the data retrieved from the APIs.
  • Capability inventory: The skill has the ability to execute shell commands (onchainos), access wallet addresses, and delegate trade executions to other skills.
  • Sanitization: There is no evidence of explicit sanitization or filtering of the natural language strings returned by the competition APIs before they are rendered to the user.
  • [COMMAND_EXECUTION]: The skill relies extensively on the onchainos CLI tool to perform blockchain queries, registration, and reward claims, which involves executing system-level commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 03:27 AM