okx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk vulnerability surface by combining external data ingestion with the ability to perform side-effect-heavy financial actions.
- Ingestion points: Data enters the agent's context through responses from the OKX API (balance, ticker, and order endpoints) as defined in
SKILL.md. - Boundary markers: Absent; the skill does not use delimiters or instructions to prevent the agent from interpreting API data as commands.
- Capability inventory: The skill utilizes
curlandopensslto perform authenticated POST requests that execute trades and cancel orders. - Sanitization: While
jqis used to filter API responses into specific fields, this does not sanitize the natural language content that the agent may interpret as instructions. - [Command Execution] (LOW): The skill relies on system commands (
curl,jq,openssl,date) to interact with the OKX API and manage authentication. - [Data Exposure & Exfiltration] (LOW): Sensitive credentials (API keys and secrets) are transmitted to
www.okx.com. While this is the legitimate endpoint for the service, the domain is not on the predefined whitelist, and the skill handles high-value secrets via environment variables.
Recommendations
- AI detected serious security threats
Audit Metadata