blockchain-auditor

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's setup instructions include curl -L https://foundry.paradigm.xyz | bash. Directly piping content from a remote URL into a shell interpreter is a dangerous pattern that permits arbitrary code execution if the source domain or the network connection is compromised.
  • [COMMAND_EXECUTION]: The skill facilitates the creation and execution of dynamic content at runtime. Specifically, it guides the agent to generate Solidity exploit files (e.g., Exploit.t.sol) and execute them using the forge test command to validate vulnerabilities. Additionally, the tool provides commands like cast send for executing transactions on live or forked networks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes data from untrusted external sources.
    - Ingestion points: Contract source code, bytecode, and metadata are retrieved from external sources using cast etherscan-source, cast code, and Etherscan API calls.
    - Boundary markers: The skill lacks explicit boundary markers or instructions to isolate or ignore potentially malicious instructions embedded in the code or comments of analyzed contracts.
    - Capability inventory: The agent has access to powerful tools, including cast send for executing blockchain transactions and forge for running compiled Solidity code.
    - Sanitization: There is no evidence of sanitization, filtering, or validation performed on the contract code before it is analyzed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill makes multiple requests to external APIs and domains, including api.etherscan.io, www.4byte.directory, and foundry.paradigm.xyz, to retrieve code, signatures, and installation scripts.
Recommendations
  • HIGH: Downloads and executes remote code from https://foundry.paradigm.xyz - DO NOT USE without thorough review
  • AI analysis detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 8, 2026, 12:12 AM