NYC

x402

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes npx awal@latest, which fetches the latest version of the 'awal' package from the npm registry at runtime. This package is not from a trusted source.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Executing an unpinned package from an untrusted source via npx constitutes remote code execution, as the package content can be updated at any time.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes shell commands that handle authentication (awal auth login) and interact with the local filesystem at ~/.config/awal/.
  • [DATA_EXFILTRATION] (LOW): The pay command sends data and custom headers to arbitrary external URLs, which could be used to transmit sensitive information to third parties.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection by ingesting untrusted data from the 'bazaar' or arbitrary API endpoints. Evidence Chain:
      1. Ingestion points: awal x402 details and search results.
      2. Boundary markers: Absent.
      3. Capability inventory: Shell execution (npx) and network requests.
      4. Sanitization: No sanitization of external schemas or descriptions is performed before presenting to the agent.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 17, 2026, 04:35 PM