The Agent Skills Directory

[DATA_EXFILTRATION]: The skill performs authenticated network requests to official BingX domains (e.g., open-api.bingx.com) to retrieve agent and commission statistics. This behavior is consistent with the skill's primary purpose and targets a well-known service.
[PROMPT_INJECTION]: Indirect prompt injection surface detected. 1. Ingestion points: External data fields such as 'remarks' or 'names' returned from the BingX API (api-reference.md). 2. Boundary markers: Absent. 3. Capability inventory: Read-only GET requests (SKILL.md). 4. Sanitization: Absent. The risk is negligible as the skill lacks capabilities like command execution or file system modification.
[SAFE]: The included TypeScript code follows standard practices for HMAC SHA256 request signing and contains no hardcoded credentials, obfuscation, or persistence mechanisms.

bingx-agent