evm-architect

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): Indirect Prompt Injection vulnerability surface. The skill is designed to ingest and analyze untrusted external content (Solidity smart contracts and audit documentation) while possessing high-privilege capabilities, including blockchain transaction broadcasting and local command execution.
      • Ingestion points: Processes user-provided Solidity code, project files, and EIP documentation as specified in SKILL.md and references/security/audit-checklist.md.
      • Boundary markers: Absent. There are no instructions to the agent to distinguish between its own system instructions and instructions potentially embedded in code comments or data being audited.
      • Capability inventory: Includes the ability to execute forge script with --broadcast (modifying blockchain state), run cast send with private keys (executing transactions), and run local static analysis tools (slither, aderyn) via subprocess calls.
      • Sanitization: Absent. The skill does not define methods for escaping or filtering malicious instructions embedded within external smart contracts or markdown documentation.
  • COMMAND_EXECUTION (MEDIUM): The skill frequently instructs the use of powerful CLI tools that interact with the local environment and the blockchain.
      • Evidence: SKILL.md provides templates for forge script script/Deploy.s.sol --broadcast and cast send $ADDR ... --private-key $PK. While intended for developer use, an agent following these instructions to process an untrusted contract could be manipulated into executing malicious transactions or local shell commands if the input data triggers a logic branch or injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:17 AM