top-rank-tokens-sniper

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The main script, ranking_sniper.py, includes error handling that directs users to install the required dependency by piping a script from onchainos.com into bash. This is a sanctioned installation method for the vendor-owned CLI tool.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run() in ranking_sniper.py and risk_check.py to interface with the onchainos CLI. These calls are used to fetch market rankings, perform multi-level safety scans, and execute token swaps on the Solana network. The commands are constructed as a list of arguments rather than a shell string, so no shell is invoked and shell-metacharacter injection does not apply.
  • [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection because it processes untrusted metadata from the OKX leaderboard.
      ◦ Ingestion points: Token symbols and contract addresses are fetched from the OKX trending API via the CLI in ranking_sniper.py.
      ◦ Boundary markers: No explicit delimiters are used when logging or displaying these strings to differentiate them from system instructions.
      ◦ Capability inventory: The bot has the capability to perform on-chain swaps, wallet management, and file system writes via subprocess.run and standard library functions.
      ◦ Sanitization: The skill does not sanitize or validate the length or content of token symbols before they are processed and displayed in the web dashboard.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 04:03 AM