compound-v3-plugin

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes an environment setup script from the vendor's repository (okx/onchainos-skills) to prepare the environment for onchainos commands.
  • [EXTERNAL_DOWNLOADS]: Downloads platform-specific binaries and management scripts from the vendor's official GitHub releases to facilitate interaction with the Compound protocol.
  • [COMMAND_EXECUTION]: Utilizes the onchainos CLI and local binaries to manage wallet authentication and execute smart contract calls for lending and borrowing operations.
  • [PROMPT_INJECTION]: Ingests market data and position balances from public blockchain RPC providers.
      • Ingestion points: Reads data from public endpoints such as ethereum.publicnode.com and base-rpc.publicnode.com during position checks and market browsing.
      • Boundary markers: Includes a dedicated "Data Trust Boundary" security notice in the instructions to ensure the agent treats external data as untrusted and avoids interpreting it as instructions.
      • Capability inventory: Capable of initiating on-chain transactions and managing wallet status via the onchainos CLI upon user confirmation.
      • Sanitization: Employs strict numeric parsing and parameter validation within the Rust-compiled binary to prevent manipulation of transaction data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 02:13 PM