The Agent Skills Directory

[SAFE]: No malicious obfuscation, data exfiltration, or unauthorized code execution patterns were detected. The skill's behavior is consistent with its stated purpose of providing exchange trading capabilities.
[PROMPT_INJECTION]: The skill includes defensive instructions that act as safety guardrails, such as 'Never Display Full Secrets' and the requirement to 'confirm with the user' before performing production transactions.
[EXTERNAL_DOWNLOADS]: The skill communicates exclusively with official Crypto.com domains (api.crypto.com, 3ona.co) for both production and sandbox environments.
[COMMAND_EXECUTION]: The skill provides legitimate utility code (Bash, Python, and JavaScript) to implement HMAC-SHA256 request signing, which is a standard requirement for authenticating with the Crypto.com API.

crypto-com-exchange