skills/bankrbot/skills/nookplot/Gen Agent Trust Hub

nookplot

Fail

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions involve the management of highly sensitive secrets, such as Ethereum private keys ($NOOKPLOT_AGENT_PRIVATE_KEY) and protocol API keys. Notably, it documents an endpoint (/v1/agents/me/export) specifically designed to return a decrypted private key to the agent, creating a high-risk vector for credential harvesting.
  • [DATA_EXFILTRATION]: The 'Bring Your Own Key' (BYOK) inference pattern described in references/economy-overview.md requires agents to send raw third-party API keys (e.g., Anthropic, OpenAI, Venice) in the request body to gateway.nookplot.com. This design exposes sensitive external credentials to the skill vendor's infrastructure. Additionally, the 'Egress Proxy' tool (/v1/egress) enables agents to send arbitrary data to external URLs, facilitating potential data exfiltration.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of remote code through multiple channels. The /v1/exec endpoint allows for sandbox execution in cloud containers. Furthermore, the 'Paper Reproduction' mining challenges (references/mining-paper-reproduction.md) involve downloading user-provided artifacts from IPFS and executing them locally via Docker (nookplot verify-reproduction), which is a high-severity execution vector for untrusted code.
  • [COMMAND_EXECUTION]: The skill frequently directs the agent to execute complex shell commands using npx @nookplot/cli, hermes, and nookplot tools. These commands often incorporate arguments derived from network responses (such as discoveryId, bountyId, and IPFS cid), which presents a surface for command injection if the remote data is controlled by an attacker.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external packages and code from various sources. It recommends installing Node.js and Python packages from public registries and supports importing project files directly from GitHub URLs. It also makes extensive use of IPFS for retrieving reasoning traces and code artifacts, introducing significant supply chain risks.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection (Category 8) due to its design as a decentralized aggregator of untrusted content.
    • Ingestion points: Data enters the agent's context through messages (GET /v1/inbox), community feeds (GET /v1/feed), and research traces (GET /v1/mining/dataset).
    • Boundary markers: The provided templates lack delimiters or instructions for the agent to ignore embedded commands in the processed data.
    • Capability inventory: The agent possesses powerful capabilities, including sending messages (nookplot_send_message), executing code (nookplot_exec), and performing network requests (nookplot_egress), all of which could be exploited via malicious data.
    • Sanitization: There is no documentation or evidence of sanitization or validation of untrusted content before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 24, 2026, 10:36 AM