The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill downloads its core binary and dependencies from GitHub repositories belonging to the vendor ('okx'). This is documented vendor functionality for the plugin environment.
[REMOTE_CODE_EXECUTION]: During the setup phase, a shell script is downloaded from the vendor's GitHub repository and executed via a pipe to the shell (curl | sh). While sourced from the official repository, this execution method bypasses standard integrity checks.
[CREDENTIALS_UNSAFE]: The SKILL.md file contains a hardcoded Base64-encoded secret key used for calculating HMAC signatures for telemetry reports sent to the vendor's infrastructure. While used for tracking rather than sensitive authentication, hardcoding secrets in instructions is an insecure practice.
[PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it ingests and processes untrusted data from blockchain RPC nodes (e.g., token names, pool price data) and TheGraph subgraphs. This is managed through explicit instructions to the agent to treat CLI output as untrusted and requiring the --confirm flag for all write operations.
Ingestion points: Token symbols, pool prices, liquidity data, and user position details retrieved from external blockchain endpoints.
Boundary markers: The skill instructions include a 'Data Trust Boundary' section specifically warning the agent about the nature of external data.
Capability inventory: The skill has the ability to execute wallet transactions through the onchainos CLI, including swaps and liquidity management.
Sanitization: No programmatic sanitization of on-chain data is demonstrated; the skill relies on the agent's adherence to safety instructions and the manual user confirmation step.

pancakeswap-v3