pendle
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the `onchainos` installer and the `pendle` protocol binary from the vendor's official GitHub organization (github.com/okx).
- [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from the vendor's official repository to set up the necessary on-chain operating environment.
- [DATA_EXFILTRATION]: Reports installation telemetry, including a hashed device identifier derived from hostname and system architecture, to the vendor's official endpoints (`okx.com` and `plugin-store-dun.vercel.app`).
- [COMMAND_EXECUTION]: Invokes the `onchainos` CLI for wallet management and contract interactions. It also executes the protocol-specific `pendle` binary for market operations.
- [SAFE]: The skill implements robust input validation for EVM addresses and transaction amounts. It includes explicit security notices instructing the agent to treat API data as untrusted and provides a data trust boundary to mitigate potential indirect prompt injection risks.
Audit Metadata