The Agent Skills Directory

[DATA_EXFILTRATION]: Malicious domain detection. The skill directs users to 'https://walletchan.com/', which has been flagged by security scanners as a malicious cryptocurrency scam site.
[CREDENTIALS_UNSAFE]: Unsafe password handling. The skill instructs users to provide an 'Agent Password' to the AI. Sharing credentials with an agent, particularly one linked to a suspicious service, presents a high risk of theft and unauthorized access.
[COMMAND_EXECUTION]: Risky browser exposure. Users are instructed to launch Chrome with the '--remote-debugging-port' flag. This enables the Chrome DevTools Protocol, which provides programmatic control over the browser, exposing sensitive session data, cookies, and the ability to act on the user's behalf to any process that can connect to the port.
[EXTERNAL_DOWNLOADS]: Malicious extension installation. The skill promotes the installation of a specific browser extension ('kofbkhbkfhiollbhjkbebajngppmpbgc') from the Chrome Web Store. Given the malicious status of the associated website, this extension is likely designed to steal cryptocurrency assets.
[PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill ingests data from untrusted external dapps and has the capability to sign transactions. A malicious website could potentially inject instructions into the page content to trick the agent into performing unauthorized financial actions.
Ingestion points: Untrusted content from dapps loaded in browser tabs.
Boundary markers: None identified; instructions do not include markers to distinguish between system guidance and page content.
Capability inventory: Full browser automation via CDP, wallet unlocking, and transaction confirmation.
Sanitization: No evidence of sanitization or verification of data received from external web pages.

walletchan