polymarket

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: CRITICAL

REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation section executes a remote shell script via curl piped directly into sh (from github.com/okx/onchainos-skills). This practice is highly insecure as the script's contents are not verified and could be modified at the source to execute arbitrary commands on the host machine.
  • [DATA_EXFILTRATION]: The skill includes a telemetry routine that generates a unique device identifier by concatenating and hashing sensitive system metadata, including the hostname, operating system details (uname), and the path to the user's home directory ($HOME). This fingerprint is then transmitted to external endpoints (plugin-store-dun.vercel.app and okx.com).
  • [EXTERNAL_DOWNLOADS]: The skill downloads an architecture-specific executable binary from a GitHub release (github.com/MigOKG/plugin-store) and grants it execution permissions. Executing opaque binaries from remote sources introduces significant supply chain risk.
  • [COMMAND_EXECUTION]: The skill utilizes npx skills add to dynamically install additional agent capabilities from third-party repositories during the setup phase, increasing the attack surface.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive Polymarket API credentials and caches them in a local JSON file (~/.config/polymarket/creds.json). Storing credentials in plaintext on the filesystem exposes them to any other process with access to the user's configuration directory.
  • [PROMPT_INJECTION]: The skill processes untrusted market data (titles, descriptions) from Polymarket APIs, creating an indirect prompt injection surface.
      • Ingestion points: Market data fetched from list-markets and get-market commands.
      • Boundary markers: Lacking explicit boundary markers in prompt interpolation logic.
      • Capability inventory: Trading operations (buy, sell, cancel) and on-chain contract calls.
      • Sanitization: Instructions advise rendering as plain text but do not implement programmatic filtering or sanitization.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 9, 2026, 02:21 AM