okx-wallet-portfolio
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads installer scripts and integrity checksums from the official OKX GitHub repository (okx/onchainos-skills).
- [REMOTE_CODE_EXECUTION]: The skill executes a downloaded shell or PowerShell script to install the onchainos CLI tool. It mitigates risk by verifying the script's SHA256 checksum against a trusted manifest before execution.
- [COMMAND_EXECUTION]: Uses various system commands to verify file integrity and run the portfolio management tool, including curl, shasum, and the onchainos binary.
- [PROMPT_INJECTION]: The skill processes untrusted token metadata from blockchain APIs; it includes instructions for the agent to treat this content as data rather than instructions, mitigating the surface for indirect prompt injection. 1. Ingestion points: Token assets from onchainos portfolio commands. 2. Boundary markers: Instruction-level warnings to the agent. 3. Capability inventory: curl, sh, powershell, and the onchainos CLI. 4. Sanitization: Explicit agent instructions and user-facing data quality warnings.
Audit Metadata