bingx-swap-account

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for read-only access to account data via official BingX API endpoints. It uses standard HMAC-SHA256 authentication and does not contain any malicious code, obfuscation, or unauthorized data access patterns.
  • [PROMPT_INJECTION]: Analysis of indirect prompt injection surfaces shows that the skill ingests data from the BingX API (e.g., fund flow information).
    • Ingestion points: Data is received from open-api.bingx.com through the income and positions endpoints.
    • Boundary markers: Not explicitly defined in the instructions; data is directly displayed in tables.
    • Capability inventory: The skill uses fetch for API requests and the documentation mentions fs.writeFileSync for handling binary exports.
    • Sanitization: No specific sanitization of API response text is implemented. However, as the source is the user's own account data from a verified exchange, this represents a low-risk architectural characteristic rather than a vulnerability.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 05:35 PM