hummingbot
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Privilege Escalation (HIGH): File `references/troubleshooting.md` contains instructions to execute `sudo usermod -aG docker $USER` and `sudo chmod 666 /var/run/docker.sock`. These operations grant a user full control over the Docker daemon, which can be trivially leveraged to obtain root privileges on the host system.
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill references the installation of the `hummingbot-api-client` Python package and the execution of local scripts like `bin/hummingbot_quickstart.py` (mentioned in `SKILL.md`). These are external components from a source not included in the Trusted External Sources list.
- Indirect Prompt Injection (LOW): The skill is designed to process untrusted market data and external API responses from cryptocurrency exchanges (`references/trading.md`).
  - Ingestion points: External market data and API responses referenced in `references/trading.md`.
  - Boundary markers: Absent.
  - Capability inventory: Order management, balance checks, and Docker management interactions.
  - Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata