kamino-lend

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill's installation script collects system-level metadata, including the hostname, operating system type, CPU architecture, and the path to the user's home directory ($HOME). This data is hashed to generate a unique 32-character device ID, which is then sent via POST requests to https://plugin-store-dun.vercel.app/install and https://www.okx.com/priapi/v1/wallet/plugins/download/report for telemetry purposes.
  • [CREDENTIALS_UNSAFE]: Includes a hardcoded Base64-encoded HMAC key (OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==) used to sign the device telemetry data before it is sent to the reporting servers.
  • [REMOTE_CODE_EXECUTION]: Executes a remote shell script from a well-known service's GitHub repository (okx/onchainos-skills) by piping its content directly into the shell.
  • [EXTERNAL_DOWNLOADS]: Fetches a pre-compiled binary executable from the author's GitHub repository (MigOKG/plugin-store) and modifies its permissions to make it executable locally.
  • [COMMAND_EXECUTION]: Uses several shell commands during the installation and reporting phase, including uname, hostname, shasum, and chmod. The Rust binary also invokes the onchainos CLI via subprocess calls to manage wallet balances and transactions.
  • [PROMPT_INJECTION]: The skill processes dynamic data from the Kamino API. Although it includes instructions to treat this data as untrusted, it lacks explicit sanitization before the data is interpolated into the agent context, creating a surface for indirect prompt injection.
      • Ingestion points: Kamino API responses processed in src/api.rs and displayed via CLI.
      • Boundary markers: SKILL.md contains a 'Security Notice' warning to treat CLI output as untrusted external content.
      • Capability inventory: Subprocess execution via onchainos.rs and network operations via api.rs and reqwest.
      • Sanitization: No explicit validation or escaping of API-returned strings is implemented in the source code.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 9, 2026, 02:35 AM