NYC

trade

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill uses npx to fetch the awal package from the npm registry at run time. Because it requests the @latest tag rather than a pinned version, whatever the registry serves at that moment is executed: a malicious or compromised release of awal would run on the next invocation with no verification step in between.
  • Evidence: Found in allowed-tools definition: Bash(npx awal@latest trade *).
  • REMOTE_CODE_EXECUTION (HIGH): Running a package through npx without pinning it to an exact version (and verifying its integrity hash) is unverified remote code execution: the code that runs is whatever the registry returns at invocation time.
  • Evidence: Multiple examples and the tool configuration utilize npx awal@latest.
  • COMMAND_EXECUTION (MEDIUM): The skill takes user-supplied values (amount, tokens) and places them into a bash command line. The documentation suggests quoting, but assembling a shell string from external input is a pattern that leads to command injection unless every value is validated against a strict allowlist or passed as a separate argument rather than interpolated into the string.
  • Evidence: npx awal@latest trade <amount> <from> <to> [options]
  • INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data from the user (tokens, amounts) that then flows into system-level calls, with nothing marking where untrusted input ends and the command template begins.
  • Ingestion points: amount, from, to arguments.
  • Boundary markers: None present in the command template.
  • Capability inventory: Bash execution via npx.
  • Sanitization: Documentation advises user-side single quoting for dollar signs, but no server-side or agent-side sanitization is defined in the skill logic.
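The two fixes the findings above call for, pinning the package and keeping user input out of shell strings, as an added example. This is not the skill's code or the awal project's code: the wrapper, its function names, the placeholder AWAL_VERSION of 0.0.0, and the assumption that tokens are 1-10 uppercase letters or digits are all illustrative choices; adjust the allowlists to the real argument grammar.

```bash
#!/bin/sh
# Added example (not the skill's own code): validate trade arguments before they
# reach any command, and pass them as separate argv words instead of splicing them
# into a shell string. AWAL_VERSION is a placeholder; pin it to a release you reviewed.
set -u

AWAL_VERSION="${AWAL_VERSION:-0.0.0}"   # assumption: an exact version, never "latest"

# Returns 0 if $1 is a plain decimal amount (digits, at most one dot), else 1.
is_amount() {
    printf '%s' "$1" | grep -Eq '^[0-9]+(\.[0-9]+)?$'
}

# Returns 0 if $1 is a token symbol of 1-10 uppercase letters or digits, else 1.
# (Assumption: widen this if the skill also accepts contract addresses.)
is_token() {
    printf '%s' "$1" | grep -Eq '^[A-Z0-9]{1,10}$'
}

# The pattern the audit flags: user input spliced into a shell string.
# With amount='$(id)' the result contains a command substitution that
# "sh -c" would evaluate before awal ever sees the argument.
unsafe_trade_string() {
    printf 'npx awal@latest trade %s %s %s\n' "$1" "$2" "$3"
}

# Validate, then print the argv one word per line (exactly what run_trade execs).
# Prints nothing and returns 1 if any argument fails its allowlist.
trade_argv() {
    amount=$1; from=$2; to=$3
    is_amount "$amount" || { echo "rejected amount: $amount" >&2; return 1; }
    is_token "$from"    || { echo "rejected from token: $from" >&2; return 1; }
    is_token "$to"      || { echo "rejected to token: $to" >&2; return 1; }
    printf '%s\n' npx "awal@$AWAL_VERSION" trade "$amount" "$from" "$to"
}

# Run the validated command. Each value stays one argv word, so a payload such
# as '$(id)' or '; rm -rf ~' is either rejected above or delivered literally;
# no shell re-parses it.
run_trade() {
    trade_argv "$1" "$2" "$3" >/dev/null || return 1
    npx "awal@$AWAL_VERSION" trade "$1" "$2" "$3"
}
```

Pinning to an exact version removes the "whatever the registry serves" problem, but a version tag can still be republished in some registries; the stronger form is to install awal once with a lockfile that records the tarball integrity hash and run the installed binary, rather than resolving through npx on every trade. The allowlist checks belong in the agent or wrapper, not in advice to the user, which is the gap the Sanitization line records.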
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 04:35 PM