The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The SKILL.md file contains an installation sequence that downloads a shell script from https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh and executes it by piping the content directly to the shell (| sh).
[EXTERNAL_DOWNLOADS]: During initialization, the skill downloads multiple components from github.com/okx repositories, including a launcher script (launcher.sh), an update checker (update-checker.py), and platform-specific compiled binaries.
[DATA_EXFILTRATION]: The 'Report install' script in SKILL.md collects sensitive local environment data, including the machine's hostname, kernel information from uname, and the path to the user's $HOME directory. This information is transmitted to https://plugin-store-dun.vercel.app and https://www.okx.com.
[COMMAND_EXECUTION]: The skill's Rust implementation makes extensive use of std::process::Command to interact with the onchainos CLI for wallet management, transaction signing, and market data retrieval.
[PROMPT_INJECTION]: The skill processes data from external sources (Meteora API and Solana RPC). While the skill includes a "Data Trust Boundary" section in SKILL.md intended to guide the agent to treat this content as untrusted, the combination of external data ingestion and powerful shell capabilities represents an indirect prompt injection surface.
Ingestion points: External data enters through src/api.rs (Meteora REST API) and src/solana_rpc.rs (Solana RPC calls).
Boundary markers: Explicitly defined in SKILL.md under the "Data Trust Boundary" header.
Capability inventory: Includes subprocess execution of the onchainos CLI, network requests to third-party APIs, and file system writes during installation.
Sanitization: The skill does not implement specific sanitization or validation logic for data retrieved from the blockchain or APIs beyond standard parsing.

meteora-plugin