The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches real-time transaction data and market pricing from well-known services including Whale Alert (api.whale-alert.io), Etherscan (api.etherscan.io), and CoinGecko (api.coingecko.com). These network operations are strictly for the skill's stated purpose of crypto monitoring.
[COMMAND_EXECUTION]: The skill utilizes local Python scripts for processing data. The agent's capabilities are appropriately restricted in the SKILL.md manifest, which limits Bash execution to Python commands related to the whale monitoring scripts.
[DATA_EXFILTRATION]: No patterns of sensitive data exfiltration were detected. The skill accesses the local filesystem to manage its own cache files and user-defined watchlists (e.g., ~/.whale_watchlist.json), which is standard behavior for this type of utility.
[PROMPT_INJECTION]: While the skill processes external data (transaction labels and addresses), it does not use dangerous functions like eval() or exec() that would make it vulnerable to high-severity indirect prompt injection. The overall risk profile for automated instruction execution via processed data is low.
[SAFE]: The skill is professionally authored with clear architecture and requirement documentation. It adheres to its functional scope and does not exhibit any suspicious or obfuscated behavior.

monitoring-whale-activity