okx-cex-earn

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to execute okx config show --json, which reads and displays configuration data from the local environment (specifically associated with ~/.okx/config.toml). This data includes API key profiles and authentication metadata. While this check is performed to identify the active authentication mode (API Key vs. OAuth), it exposes sensitive account information to the agent's processing context.
  • [EXTERNAL_DOWNLOADS]: The skill installs the @okx_ai/okx-trade-cli package via NPM. This is a vendor-provided dependency required for the skill's primary functionality. Its origin is consistent with the vendor's known infrastructure and follows expected development patterns.
  • [COMMAND_EXECUTION]: The skill performs sensitive financial operations, such as purchasing investment products, redeeming funds, and transferring assets between accounts, by executing commands through the okx CLI tool.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and displaying data from the OKX API, which could be manipulated to include malicious instructions.
      • Ingestion points: External API data retrieved via commands like earn savings balance, earn dcd products, and earn onchain offers as described in SKILL.md and reference files.
      • Boundary markers: Data is rendered as Markdown tables; there are no explicit instructions or delimiters in the prompt templates to isolate the agent from potential instructions embedded in the API response.
      • Capability inventory: The skill has access to transaction-capable commands including earn savings purchase, earn dcd quote-and-buy, and account transfer as documented in references/workflows.md and references/savings-commands.md.
      • Sanitization: No specific sanitization or validation of the text content returned by the external APIs is mentioned or implemented in the provided logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 13, 2026, 06:10 AM