etherfi-plugin

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The Cargo.lock file exhibits a supply chain poisoning pattern. Standard Rust crates serde and serde_json have been modified within the lockfile to include suspicious dependencies (serde_core and zmij) that are not part of their official distributions. This technique is used to execute malicious code when the project is compiled from source.
  • [EXTERNAL_DOWNLOADS]: The skill's setup instructions download its core binary from the vendor's official GitHub repository (okx/plugin-store) and fetch the onchainos CLI installer from another vendor repository (okx/onchainos-skills).
  • [REMOTE_CODE_EXECUTION]: The setup script executes a downloaded shell script installer for the onchainos CLI after performing SHA256 checksum verification and uses npx skills add to install remote skill components from the vendor's store.
  • [COMMAND_EXECUTION]: The skill interacts with the local system by executing subprocesses for the onchainos CLI to resolve wallet addresses and perform blockchain transactions. It utilizes the --force flag to bypass interactive CLI confirmation prompts.
  • [PROMPT_INJECTION]: The skill includes a 'Data Trust Boundary' section that advises the AI agent to treat all data returned by RPC and external APIs as untrusted content, which serves as a mitigation against indirect prompt injection risks from external data sources.
      • Ingestion points: External data enters through RPC calls to public Ethereum nodes and DeFiLlama APIs (src/api.rs, src/rpc.rs).
      • Boundary markers: Explicit instructions in SKILL.md warn the agent against interpreting returned values as instructions.
      • Capability inventory: The skill can initiate transactions via shell calls to the onchainos CLI (src/onchainos.rs).
      • Sanitization: Content is parsed into specific numeric and string formats within the Rust commands before being returned to the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 12, 2026, 11:00 AM