The Agent Skills Directory

EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on npx awal@latest to fetch and run the CLI tool from the npm registry. This package is not among the verified trusted sources, making it an unverifiable dependency that could be subject to supply chain attacks.
REMOTE_CODE_EXECUTION (MEDIUM): Running code directly from a remote registry via npx at runtime constitutes a remote code execution pattern.
COMMAND_EXECUTION (LOW): The skill executes shell commands to perform queries. Although it includes a warning to single-quote JSON payloads to prevent variable expansion, it remains an attack surface for command injection if the agent fails to sanitize user-provided SQL strings.
Indirect Prompt Injection (LOW): The skill processes external SQL queries within a shell environment.
Ingestion points: The <YOUR_QUERY> parameter in the bash commands.
Boundary markers: Encourages the use of single quotes for the -d flag, but does not enforce strict sanitization within the script itself.
Capability inventory: Access to the Bash tool, ability to make HTTP POST requests via the awal CLI, and the ability to authorize payments (x402 pay).
Sanitization: None observed; the skill relies on the LLM or user to provide safe SQL input.

query-onchain-data