deepbook-trading
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): High-risk Indirect Prompt Injection (IPI) surface detected.
  * Ingestion points: Market data is retrieved via src/query-wrapper.ts using methods like getOrderBook and getAccountInfo.
  * Boundary markers: No explicit boundary markers or 'ignore' instructions are used when passing retrieved blockchain data to the agent.
  * Capability inventory: The skill can execute transactions via src/transaction-wrapper.ts (placeLimitOrder, placeMarketOrder) and manage funds via src/balance-manager-wrapper.ts (withdraw, transferOwnership).
  * Sanitization: No sanitization of external blockchain data is performed to prevent prompt injection.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs @mysten/deepbook-v3 and @mysten/sui. These dependencies are not from the provided trusted organizations list and are therefore classified as unverifiable dependencies.
- [COMMAND_EXECUTION] (SAFE): The skill uses structured blockchain SDK calls rather than arbitrary shell commands. No risks of shell injection were found.
- [DATA_EXFILTRATION] (SAFE): Network calls are restricted to legitimate Sui RPC endpoints for blockchain operations; no sensitive data exfiltration patterns were detected.
Recommendations
- AI detected serious security threats