strategy-auto-rebalance

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill requires the user to install a tool by piping a script from an untrusted remote URL directly into a shell. This allows the script's author to execute arbitrary, unverified code on the host system.
      • Evidence: curl -sSL https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh | sh.
  • [CREDENTIALS_UNSAFE]: The skill requires an EVM_PRIVATE_KEY for on-chain operations. Since the skill also executes untrusted remote code via its installer, this creates a critical vulnerability where the private key can be stolen by the downloaded script.
      • Evidence: EVM_PRIVATE_KEY requirement in the Authentication section.
  • [EXTERNAL_DOWNLOADS]: The skill relies on downloading an installer from a personal GitHub account (purong-huang-1121) that is not a trusted organization or well-known service.
      • Evidence: https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh.
  • [PROMPT_INJECTION]: The skill uses deceptive metadata by claiming to be authored by 'okx' while its resources are hosted on an unrelated personal account. This is a metadata poisoning technique used to gain unearned trust.
      • Evidence: YAML frontmatter author: okx vs. the installer's source URL.
  • [PROMPT_INJECTION]: The skill ingests untrusted yield and vault data from external protocols and APIs (Aave, Compound, Morpho, DeFiLlama) to automate financial transactions. It lacks sanitization and boundary markers, exposing the agent to indirect prompt injection through malicious data.
      • Ingestion points: Aave V3 and Compound V3 on-chain queries, Morpho GraphQL API, and DeFiLlama fallback API.
      • Boundary markers: Absent.
      • Capability inventory: Wallet transactions using EVM_PRIVATE_KEY and shell command execution via the plugin-store utility.
      • Sanitization: Absent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 16, 2026, 06:45 PM