The Agent Skills Directory

[PROMPT_INJECTION]: The skill documents the use of analyticsScript and themeCSS parameters within the DEX creation and update API endpoints. These fields allow for the injection of custom JavaScript and CSS into the deployed DEX platform, representing a surface for indirect prompt injection. If an agent processes untrusted external data to populate these fields, it could result in the deployment of malicious code to the user's frontend environment.
Ingestion points: The analyticsScript (Base64 encoded) and themeCSS fields described in the API request structures in SKILL.md.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided for these fields.
Capability inventory: The skill grants the agent the ability to programmatically deploy and configure live web applications and trading interfaces via the Orderly One API.
Sanitization: There is no mention of sanitization, validation, or escaping logic for the content provided in these injection fields.
[EXTERNAL_DOWNLOADS]: The skill references a template repository (OrderlyNetworkDexCreator/dex-creator-template) and a theme configuration file hosted on GitHub. These are legitimate resources belonging to the vendor's ecosystem for DEX deployment.

orderly-one-dex