
erc-8004


Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Multiple scripts, including register-http.sh, register-onchain.sh, and update-profile.sh, construct Node.js commands by directly interpolating shell variables (such as REGISTRATION_URL, AGENT_NAME, and NEW_URI) into single-quoted string literals within a node -e call. This lacks proper escaping, allowing arbitrary JavaScript execution if the input variables are manipulated to contain a single quote followed by malicious code.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface via the following evidence chain:
      • Ingestion points: The get-agent.sh script fetches external content from IPFS gateways (pinata.cloud, ipfs.io) or HTTPS URLs retrieved from on-chain agent records.
      • Boundary markers: None; the fetched profile data is printed directly to the console output.
      • Capability inventory: The skill has the capability to perform financial transactions and bridge ETH between networks using the bankr tool.
      • Sanitization: None; untrusted data from the web or IPFS is processed and displayed without validation, which could influence the behavior of an agent reading the output.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 9, 2026, 02:33 AM