blockchain-developer

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to audit and develop external smart contract code, which serves as a vector for indirect prompt injection. Ingesting untrusted code while possessing the capability to execute tests via the forge framework (Foundry) creates a significant risk, as malicious contracts could attempt to exploit the test runner or use features like the FFI (Foreign Function Interface) cheatcode for command execution. Evidence:
      1. Ingestion: Processes arbitrary Solidity and Rust code for development and auditing.
      2. Boundary markers: Absent.
      3. Capability: Subprocess execution via forge test and forge install.
      4. Sanitization: Absent.
  • Unverifiable Dependencies (MEDIUM): The skill recommends and executes forge install OpenZeppelin/openzeppelin-contracts. This command pulls remote code from GitHub without specifying a version tag or commit hash, introducing a supply chain risk where the agent may download and use compromised or unexpected code at runtime.
  • Command Execution (LOW): The core workflows rely on shell command execution for initializing and managing projects (e.g., forge init, forge install). While necessary for the skill's function, these represent a capability that requires strict input validation to prevent command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:27 PM