bingx-sub-account

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill facilitates sensitive financial operations such as internal asset transfers and API key management. It correctly implements HMAC-SHA256 signature authentication to protect request integrity. All network requests are directed to official BingX domains, which are recognized as well-known services associated with the skill's primary function.
  • [PROMPT_INJECTION]: The skill includes robust safety guidelines in the 'Agent Interaction Rules' section, mandating that the agent must request explicit user confirmation ('CONFIRM') before executing any write operations (e.g., transfers, freezing accounts) in the production environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes data from the BingX API (such as account notes and transaction history).
      • Ingestion points: GET endpoints in api-reference.md retrieve user-controlled strings like sub-account names and notes.
      • Boundary markers: The 'Agent Interaction Rules' section in SKILL.md acts as a manual safety check requiring user intervention for critical actions.
      • Capability inventory: The skill utilizes network request capabilities via the fetch API to interact with financial services.
      • Sanitization: No specific sanitization of API-returned data is performed before display to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 05:35 PM