nano-sign-message

Warn

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to use bunx, pnpm dlx, and npx to dynamically download and execute the xno-skills package at runtime. By utilizing the @latest version tag and the -y (yes) flag, the skill executes unpinned code from a public registry without version verification or manual review, exposing the host environment to potential supply chain attacks.
  • [COMMAND_EXECUTION]: The CLI usage examples demonstrate passing a private key hex string directly as a command-line argument (--key <private-key-hex>). This practice is insecure as it makes sensitive credentials visible in the system's process list and records them in plaintext within the shell's command history.
  • [EXTERNAL_DOWNLOADS]: To facilitate CLI operations, the skill triggers the download of external software (xno-skills and @open-wallet-standard/core) from the npm registry whenever the CLI verbs are invoked.
  • [PROMPT_INJECTION]: The skill processes arbitrary text input for signing, which creates a surface for indirect prompt injection. A malicious input string could contain instructions intended to manipulate the agent's reasoning.
      • Ingestion points: The message argument in the sign_message tool and CLI commands.
      • Boundary markers: Absent; the skill does not use delimiters to wrap the untrusted message content.
      • Capability inventory: Signature generation and CLI interaction via xno-skills.
      • Sanitization: Absent; the skill does not validate or sanitize the message content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 3, 2026, 05:24 AM