derivatives-trading-portfolio-margin-pro

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes system commands including curl for network requests and openssl for cryptographic signing (HMAC SHA256, RSA, and Ed25519). These operations are restricted to interacting with official Binance API endpoints (api.binance.com) and are essential for the skill's core functionality.
  • [DATA_EXPOSURE]: The skill manages sensitive API keys and secrets. It implements several protective measures: credentials must be stored in a local TOOLS.md file, secrets must be masked in the user interface (showing only the last 5 characters), and the agent is instructed never to disclose the file path of the credentials. These measures significantly reduce the risk of accidental exposure.
  • [PROMPT_INJECTION]: The skill includes instructions to confirm mainnet transactions with a "CONFIRM" prompt and enforces security boundaries regarding credential handling. No malicious instructions or bypass attempts were found.
  • [EXTERNAL_DOWNLOADS]: All network activity is directed toward the vendor's own well-known domain (api.binance.com). The skill does not perform any unauthorized or suspicious external downloads.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: User-provided trading parameters (e.g., amount, asset) and API credential files (as described in SKILL.md).
      • Boundary markers: Includes a mandatory user confirmation step ("CONFIRM") for all mainnet transactions.
      • Capability inventory: Employs curl for executing HTTP requests and openssl for generating request signatures (as detailed in references/authentication.md).
      • Sanitization: Instructions require percent-encoding of all parameters according to RFC 3986 prior to signing and transmission.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 10:00 AM