bingx-spot-wallet
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings flagged: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates network operations to official BingX API domains (bingx.com and bingx.pro) to transmit transaction parameters and initiate withdrawals. These operations involve handling sensitive API keys within request headers to authenticate with the service provider.
- [COMMAND_EXECUTION]: Includes a TypeScript implementation for the agent to perform HMAC SHA256 signing via the 'crypto' module and execute network requests using the 'fetch' API. This logic is used to sign and send authenticated requests to the exchange.
- [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface due to the ingestion of data from external API responses. (1) Ingestion points: Data enters the context through fields such as 'info' in withdrawal history and 'depositDesc' or 'specialTips' in coin configurations. (2) Boundary markers: The 'Agent Interaction Rules' enforce a human-in-the-loop safety boundary by requiring the user to type 'CONFIRM' before live withdrawals are executed. (3) Capability inventory: The skill can perform network operations and facilitate asset withdrawals via the POST /capital/withdraw/apply endpoint. (4) Sanitization: No explicit validation or escaping of ingested API strings is documented in the skill instructions.
Audit Metadata