okx-dex-bridge
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs remote downloads in 'preflight.md' to fetch installer scripts and checksum files from the author's official GitHub repository ('okx/onchainos-skills'). These downloads are part of a routine maintenance flow for the 'onchainos' CLI tool and are verified using SHA256 hashes to prevent tampering.
- [REMOTE_CODE_EXECUTION]: The skill executes remote shell and PowerShell scripts ('install.sh' and 'install.ps1') fetched from the vendor's GitHub repository. This behavior is considered safe in this context because the resources originate from the skill's authoritative vendor and the skill enforces cryptographic verification (SHA256) of the scripts before they are executed.
- [COMMAND_EXECUTION]: The skill relies on executing subcommands via the 'onchainos' CLI to perform blockchain operations. It includes robust instructions for input validation, such as lowercase conversion for EVM addresses and verification of token addresses on specific chains, to prevent command injection or fund loss.
- [PROMPT_INJECTION]: A static analysis hint flagged 'PI_CONCEALMENT' regarding instructions to interpret raw CLI errors before presenting them to the user. This is determined to be a benign UX improvement designed to replace technical error codes with understandable feedback, rather than an attempt to hide malicious activity.