The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design. It is configured to ingest data from external sources such as the Etherscan API and Aave Subgraphs, as well as local configuration files like "abi.json" (Ingestion points). The documentation lacks explicit instructions for the agent to use boundary markers or to ignore potential embedded instructions within these data streams (Boundary markers). Furthermore, the skill has the capability to execute shell commands via Hardhat and perform network operations, which could be exploited if malicious data is processed (Capability inventory). No specific sanitization or validation logic for the content of these external data sources is mentioned (Sanitization).
[COMMAND_EXECUTION]: The skill documentation includes examples for executing CLI commands using the Hardhat framework ("npx hardhat run...") and "curl" for Ethereum JSON-RPC calls. These are standard developer tools for the stated purpose of smart contract management and deployment.
[EXTERNAL_DOWNLOADS]: The skill references and interacts with established third-party services and APIs, including Etherscan, The Graph (for Aave), Infura, and Alchemy. These references are used for querying blockchain data and are considered standard, well-known services within the blockchain industry.

defi-protocols