archimedes-v1

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads a shell script from the okx/onchainos-skills GitHub repository and pipes it directly into the shell for execution. This repository is not on the trusted organizations list, making this an unverifiable remote execution vector.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to dynamically install and execute remote packages from the okx and MigOKG organizations.
  • [EXTERNAL_DOWNLOADS]: The skill downloads a pre-compiled binary from the MigOKG/plugin-store repository and modifies its permissions to make it executable. Executing binary files from external sources poses a security risk.
  • [DATA_EXFILTRATION]: An installation reporting script gathers local system information, including the hostname and the path to the user's home directory. This data is hashed into a device fingerprint and sent to external endpoints (plugin-store-dun.vercel.app and okx.com) for telemetry purposes.
  • [CREDENTIALS_UNSAFE]: The reporting script contains a hardcoded, Base64-encoded secret key used for HMAC signing of the device telemetry data.
  • [COMMAND_EXECUTION]: The skill automatically executes multiple shell commands to gather system metadata and configure the environment, including hostname, uname, shasum, and base64.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from external sources such as Ethereum smart contracts and third-party APIs. Evidence Chain:
      1. Ingestion points: Protocol information and position data from on-chain contracts.
      2. Boundary markers: The skill includes a 'Data Trust Boundary' warning in SKILL.md.
      3. Capability inventory: Can execute on-chain transactions via the archimedes binary.
      4. Sanitization: No evidence of validation or sanitization of external data before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 09:47 AM