mainstream-spot-order

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The okx.py script uses subprocess.run to interact with the onchainos CLI. This is an expected and central part of the skill's architecture for executing blockchain operations.
  • [EXTERNAL_DOWNLOADS]: The system fetches market data (price candles) from the official OKX public REST API (okx.com). This is a well-known service and the data is used for trading analysis.
  • [PROMPT_INJECTION]: The skill implements a 'Security: External Data Boundary' protocol in SKILL.md. This protocol restricts the fields extracted from untrusted external data (CLI and API responses) and prevents them from being used in dynamic code construction or displayed unsafely to the user, effectively mitigating indirect prompt injection risks.
  • [CREDENTIALS_SAFE]: The skill utilizes 'OKX Agentic Wallet' with TEE (Trusted Execution Environment) signing. This ensures that private keys are never stored locally or exposed to the agent, providing high security for live trading operations.
  • [DATA_EXFILTRATION]: While the skill accesses wallet balances and transaction history, this data remains within the local environment or is sent to the official exchange API for trade execution. No unauthorized data exfiltration patterns were observed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 01:48 PM