binance
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection due to its write/execute capabilities in a financial context. 1. Ingestion points: User trading instructions and Binance API responses (SKILL.md). 2. Boundary markers: Absent. Natural language instructions are used instead of technical delimiters. 3. Capability inventory: Placing and canceling orders, and converting assets via shell-based API calls. 4. Sanitization: No input validation or output encoding is performed.
- [COMMAND_EXECUTION] (MEDIUM): Uses curl and openssl to handle high-value secrets (BINANCE_API_KEY/SECRET). The direct use of sensitive credentials in shell scripts is a risk factor for credential exposure if the agent's execution environment is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata