crypto-com-app

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill's behavior is consistent with its stated purpose of providing a trading interface for the Crypto.com platform.
  • [COMMAND_EXECUTION]: The skill executes local TypeScript scripts via npx tsx to manage API interactions. This is a legitimate requirement for calculating the HMAC signatures necessary for secure communication with the Crypto.com API.
  • [EXTERNAL_DOWNLOADS]: Network operations are directed exclusively to the official API domain at https://wapi.crypto.com. The skill does not download or execute code from untrusted external sources.
  • [CREDENTIALS_UNSAFE]: The skill requires the user to set CDC_API_KEY and CDC_API_SECRET as environment variables. It includes instructions for the agent to verify these are set before proceeding, adhering to standard practices for secure secret management.
  • [SAFE]: The skill was evaluated for indirect prompt injection risks.
      1. Ingestion points: User input for trade parameters and search keywords in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Shell command execution and network access across all scripts.
      4. Sanitization: User inputs are processed using structured methods (JSON.parse and URLSearchParams) in the scripts, and no patterns were found that would allow untrusted data to override the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 08:49 PM