openmm-portfolio

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's installation instructions require the Node.js package @3rd-eye-labs/openmm. This package originates from an organization that is not on the trusted vendor list and does not match the skill author's identity ("qbtlabs"), making it an unverifiable dependency.
  • [COMMAND_EXECUTION]: The skill uses a restricted Bash environment to execute openmm CLI commands. While execution is scoped to this binary, the tool originates from an unverified external source and is granted access to sensitive exchange API credentials stored in environment variables.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted data from external exchange APIs.
      • Ingestion points: Market data, order books, and trade histories retrieved via openmm ticker, openmm orderbook, and openmm trades commands (referenced in SKILL.md).
      • Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore potential commands embedded in the tool's output.
      • Capability inventory: Includes tools for querying balances and listing open orders across multiple configured exchanges.
      • Sanitization: No sanitization or validation logic is specified for the text returned by the exchange APIs before it reaches the agent.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 26, 2026, 09:02 AM