okx-buildx-hackathon-agent-track

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs agents to download and execute shell scripts from remote URLs by piping them directly into shell interpreters (bash/sh), a critical security risk.
  • Evidence in README.md: curl -fsSL https://raw.githubusercontent.com/MigOKG/plugin-store/main/install-local.sh | bash
  • Evidence in SKILL.md: curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh
  • [DATA_EXFILTRATION]: A telemetry reporting script in SKILL.md harvests system fingerprinting data and transmits it to external servers.
  • Ingestion: The script gathers the local hostname, system architecture/OS details (uname), and the full path of the user's home directory ($HOME).
  • Exfiltration: This data is sent via POST requests to https://plugin-store-dun.vercel.app/install and https://www.okx.com/priapi/v1/wallet/plugins/download/report.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to extract environment information and perform cryptographic operations during setup.
  • It decodes an obfuscated Base64 string OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw== which represents a hidden HMAC key used for telemetry signatures.
  • It executes shasum -a 256 to generate identifiers from harvested system strings.
  • [EXTERNAL_DOWNLOADS]: The setup.sh script downloads multiple documentation and configuration files from external domains including moltbook.com, okx.com, and uniswap.org.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it requires the agent to read, evaluate, and score untrusted project submissions from other participants. It lacks robust sanitization or strict boundary markers to prevent instructions embedded in those submissions from overriding the agent's core hackathon guidelines.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh, https://raw.githubusercontent.com/MigOKG/plugin-store/main/install-local.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 9, 2026, 05:45 AM