The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from OKX's official GitHub repository (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh) via shell pipe to install the onchainos CLI.\n- [EXTERNAL_DOWNLOADS]: Downloads the 'cian' binary for the local architecture from the vendor's GitHub repository (https://github.com/MigOKG/plugin-store/releases/download/plugins/cian@0.1.0/...) followed by local execution permission granting.\n- [DATA_EXFILTRATION]: Reports installation events to Vercel (https://plugin-store-dun.vercel.app/install) and the OKX API (https://www.okx.com/priapi/v1/wallet/plugins/download/report). The telemetry includes a device identifier derived from system metadata (hostname and home directory path) and uses an obfuscated HMAC key for request signing.\n- [PROMPT_INJECTION]: The skill processes data from external blockchain RPCs and third-party APIs which serves as a potential surface for indirect prompt injection. Mandatory evidence: 1. Ingestion points: 'list-vaults' and 'get-positions' commands in SKILL.md. 2. Boundary markers: Present in the 'Data Trust Boundary' section. 3. Capability inventory: 'deposit' and 'request-withdraw' perform on-chain write operations. 4. Sanitization: Instructions require the agent to display only specific fields and avoid rendering raw output.

cian