The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill contains instructions to download and execute a shell script directly from a remote GitHub repository (https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh) using a pipe to sh. This occurs during installation, update checks, and error recovery, allowing for unverified code execution from a remote source.
[EXTERNAL_DOWNLOADS]: The skill fetches external configuration and installation scripts from a remote repository. While necessary for tool maintenance, downloading executable content from external sources at runtime increases the attack surface.
[COMMAND_EXECUTION]: System commands are used for environment checks and logic gating, including which, cat, date, and the execution of the opentrade CLI tool.
[DATA_EXFILTRATION]: The skill directs the agent to locate and load sensitive environment variable files (.env). Accessing these files can expose API tokens and other secrets stored locally.
[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing untrusted transaction data and local file content.
Ingestion points: User-supplied hex data for transactions, wallet addresses, and the content of .env files.
Boundary markers: No delimiters or instructions to ignore embedded commands are present when handling external data.
Capability inventory: The agent can execute network requests (curl), shell scripts (sh), and blockchain operations via a CLI.
Sanitization: No evidence of input validation or sanitization for the processed hex strings or file contents.

opentrade-gateway