NYC

fund

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructions utilize npx awal@latest to perform wallet operations. This command downloads the latest version of the awal package from the public npm registry and executes it immediately. Because the awal package does not originate from a trusted organization or repository defined in the security framework, this constitutes an unverifiable dependency risk where a compromised package could lead to malicious code execution in the agent's environment.
  • [COMMAND_EXECUTION] (LOW): The skill relies on shell command execution (Bash) to interact with cryptocurrency tools. This provides a functional capability that, while intended, increases the impact if the downloaded dependency is compromised.
  • [PROMPT_INJECTION] (LOW): The skill is subject to indirect prompt injection.
      1. Ingestion points: User queries regarding funding or balance checks in SKILL.md.
      2. Boundary markers: None present to separate user input from the command execution flow.
      3. Capability inventory: Subprocess execution via npx in SKILL.md.
      4. Sanitization: No sanitization or validation of the input used to trigger these tools is described.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:40 PM