The Agent Skills Directory

[SAFE]: The skill does not contain any malicious code, obfuscated content, or unauthorized persistence mechanisms. All logic is transparently documented for secure implementation.
[DATA_EXFILTRATION]: The skill communicates with open-api.bingx.com and open-api.bingx.pro. These are legitimate endpoints belonging to the vendor (BingX-API) for the purpose of querying trading data. Request signing using HMAC SHA256 follows industry standards for API security.
[PROMPT_INJECTION]: The skill is designed to handle user-provided parameters securely, mitigating risks associated with indirect prompt injection:
Ingestion points: User-specified values for symbol, orderId, and time filters enter the workflow via agent instructions in SKILL.md.
Boundary markers: While explicit delimiters are not defined in the code snippets, the skill relies on strict validation logic.
Capability inventory: Performs external network requests using fetch and cryptographic operations using Node.js crypto module.
Sanitization: The skill includes a mandatory validateParams function that scans for injection characters (&, =, ?, #, etc.) and provides explicit instructions for the agent to validate input against regex patterns before calling the API.

bingx-standard-trade