margin-trading
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is well-documented and focuses on legitimate trading operations using official KuCoin API endpoints.
- [COMMAND_EXECUTION]: The skill includes reference implementations in Python and Bash for HMAC-SHA256 request signing. These scripts use standard libraries (requests, hmac, hashlib) and tools (curl, openssl) to facilitate authenticated communication with the API.
- [CREDENTIALS_SAFE]: Instructions are provided for the agent to handle API keys, secrets, and passphrases securely. This includes rules for masking sensitive data (e.g., showing only the last few characters of a secret) and preventing the disclosure of local file paths where secrets may be stored.
- [EXTERNAL_DOWNLOADS]: The skill targets official vendor infrastructure at https://api.kucoin.com. No downloads or communications with untrusted or third-party domains were detected.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill processes data returned from the KuCoin REST API (e.g., order statuses, market prices).
  - Boundary markers: None explicitly defined for API response processing.
  - Capability inventory: The skill uses network operations to interact with the API and provides code templates for local execution.
  - Sanitization: The skill expects responses in JSON format, which provides structured data parsing, though explicit validation logic is not shown in the reference scripts. The risk is considered minimal as it targets a known, structured API.
Audit Metadata