optimizing-staking-rewards

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements its core functionality through modular Python scripts that perform mathematical calculations and data normalization. No suspicious logic or hidden instructions were found.
  • [EXTERNAL_DOWNLOADS]: The skill fetches staking pool data from DeFiLlama's official API (https://yields.llama.fi/pools). DeFiLlama is a well-known and reputable service in the decentralized finance industry. This network activity is consistent with the skill's stated purpose.
  • [COMMAND_EXECUTION]: The skill uses scoped Bash commands (crypto:staking-*) to run its internal analysis scripts. This restricted scope prevents the execution of arbitrary system commands.
  • [DATA_EXFILTRATION]: No sensitive file paths (such as SSH keys or AWS credentials) are accessed. The skill uses a local JSON file in the user's home directory (~/.staking_optimizer_cache.json) specifically for caching API responses to respect rate limits, which is a standard best practice.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests data from an external API (DeFiLlama), it processes this data as structured JSON and converts it to numeric types for calculations. There is no evidence that the skill interprets or executes textual content from the API as instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 11:38 AM