The Agent Skills Directory

Remote Code Execution (CRITICAL): The file scripts/register.sh contains a command that downloads a script from an untrusted external source and pipes it directly into the bash interpreter.
Evidence: curl -L https://foundry.paradigm.xyz | bash (line 103 in scripts/register.sh). This allows the remote server at paradigm.xyz to execute arbitrary code on the host system without verification.
Data Exposure & Credentials (HIGH): The skill requires users to export PRIVATE_KEY (blockchain wallet) and PINATA_JWT (IPFS API token) as environment variables.
Evidence: Found in SKILL.md, scripts/register.sh, and scripts/give-feedback.sh. While functional for blockchain operations, the exposure of a private key allows full control over the user's funds on the Avalanche network.
Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by reading data from external, decentralized registries (ERC-8004) and providing it to the agent.
Ingestion Points: scripts/check-agent.sh retrieves agentURI and reputation clients from the Avalanche blockchain.
Boundary Markers: Absent. There is no logic to delimit or neutralize instructions that might be embedded in the metadata fetched from the agentURI or on-chain tags.
Capability Inventory: The skill can execute cast send, which performs on-chain state changes and spends real currency (AVAX).
Sanitization: None. The script directly outputs and utilizes strings fetched from the Identity and Reputation registries.
External Downloads (MEDIUM): The skill performs network operations to api.pinata.cloud to upload files, which is not a whitelisted domain for data exfiltration analysis.
Evidence: curl -s -X POST "https://api.pinata.cloud/pinning/pinFileToIPFS" in scripts/register.sh.

erc8004-avalanche