The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local Node.js scripts in the scripts/ directory to interface with APIs and perform cryptographic signing operations.
[EXTERNAL_DOWNLOADS]: Communicates with the official OKX Web3 API (web3.okx.com) and various well-known public blockchain RPC providers (e.g., LlamaRPC, Binance, Polygon) for market data and transaction broadcasting.
[CREDENTIALS_UNSAFE]: Utilizes a .env file to store OKX API credentials and optional wallet private keys for local signing. The skill includes specific safeguards, instructing the agent to never leak these secrets through environment commands.
[PROMPT_INJECTION]: Identifies a surface for indirect prompt injection. 1. Ingestion points: External token metadata (names, symbols, descriptions) is ingested via scripts/token.mjs and scripts/market.mjs. 2. Boundary markers: The instructions rely on structured JSON output rather than explicit prompt delimiters. 3. Capability inventory: scripts/trade.mjs and scripts/gateway.mjs can construct and broadcast on-chain transactions. 4. Sanitization: Token metadata is processed as structured data but is not filtered for natural language instructions that could influence agent behavior.

aicoin-onchain