The Agent Skills Directory

EXTERNAL_DOWNLOADS (MEDIUM): The skill uses npx awal@latest to fetch the wallet CLI tool from the public npm registry at runtime. Since 'awal' is not from a trusted organization, this constitutes an unverifiable dependency.\n- REMOTE_CODE_EXECUTION (MEDIUM): Running an untrusted package via npx is a form of remote code execution. The use of the @latest tag is a security risk because it would automatically execute any potentially malicious code pushed to the npm registry in a supply chain attack.\n- COMMAND_EXECUTION (LOW): The skill is authorized to execute several Bash commands to manage wallet authentication, health status, and balances. While these are for intended functionality, they involve sensitive financial access.\n- PROMPT_INJECTION (LOW): A surface for indirect prompt injection exists because the skill documentation suggests the agent can read user emails to retrieve OTP codes.\n
Ingestion points: User email inbox content (SKILL.md).\n
Boundary markers: Absent. There are no instructions for the agent to ignore malicious content within the email.\n
Capability inventory: npx awal CLI for authentication, balance, and address management.\n
Sanitization: Absent. The agent is expected to parse raw email content for the OTP.

authenticate-wallet