The Agent Skills Directory

[SAFE]: The skill is professionally structured and follows security best practices for API integrations, including the use of authenticated endpoints and domain fallback logic.
[DATA_EXFILTRATION]: Network activity is restricted to the official BingX API domains (open-api.bingx.com and open-api.bingx.pro), which are appropriate for a skill authored by BingX-API. No unauthorized data transmission or exfiltration patterns were observed.
[PROMPT_INJECTION]: The skill includes specific defensive instructions requiring the agent to validate all user inputs against defined patterns and to reject characters like &, =, ?, and #. This effectively mitigates risks of parameter pollution and injection within the API requests.
[INDIRECT_PROMPT_INJECTION]: The skill ingests data from external BingX API endpoints. It includes validation logic for parameters and focuses on structured financial data. The ingestion of content from the vendor's own authenticated API is considered a normal and safe operation.
[COMMAND_EXECUTION]: The skill is implemented in TypeScript and is limited to network requests and data parsing; it contains no instructions or code for executing arbitrary shell commands or system-level operations.

bingx-swap-account