Skills
skills/wy51ai/web3-starter-kit/web3-trade-simulator/Gen Agent Trust Hub

web3-trade-simulator

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill requires running curl -sSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh, which executes an external script with shell privileges without inspection or verification.
  • [COMMAND_EXECUTION]: The workflow relies on executing several onchainos CLI commands to perform its core functions.
  • [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and data from a GitHub repository (okx/onchainos-skills) not found on the trusted vendors list.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: Token information and market data from the onchainos CLI. Boundary markers: None identified. Capability inventory: Shell command execution and file operations in the user's home directory. Sanitization: No validation of external data is implemented before use.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 8, 2026, 12:04 PM