okx-dex-signal
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes an installation script (
install.shorinstall.ps1) from theokx/onchainos-skillsGitHub repository to install theonchainosCLI utility. As a security mitigation, it fetches ainstaller-checksums.txtfile and verifies the script's SHA256 hash before execution. The source is the official repository of OKX, a well-known financial technology service. - [COMMAND_EXECUTION]: The skill invokes the locally installed
onchainosbinary to perform market signal queries on various blockchains. - [EXTERNAL_DOWNLOADS]: The skill fetches the latest version metadata from the GitHub API and downloads binary installers and checksum files from GitHub. These resources originate from a well-known service (OKX).
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes real-time blockchain signal data.
- Ingestion points: Data enters via the
onchainos signal listcommand. - Boundary markers: The skill explicitly instructs the agent to treat CLI output as untrusted external content and warns against interpreting it as instructions.
- Capability inventory: The skill has the capability to run shell commands and write to temporary system directories.
- Sanitization: The skill relies on instruction-based boundary markers to prevent the agent from obeying instructions embedded in on-chain data.
Audit Metadata