smart-contract-generator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install well-known and trusted development packages, specifically Hardhat (npm package hardhat) and OpenZeppelin Contracts (npm package @openzeppelin/contracts). These are industry-standard tools for blockchain development and originate from trusted organizations. As with any npm dependency, the exact package names should be checked against typosquats and the versions pinned through the lockfile (npm ci) before installation.
- [COMMAND_EXECUTION]: The skill provides standard initialization and testing commands (npm init, hardhat test) intended for use in a local development environment. These commands are necessary for the primary purpose of the skill and do not involve unauthorized privilege escalation or persistence mechanisms.
- [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface where user input (contract names, symbols, and parameters) is interpolated into generated code files via the Write tool. No explicit sanitization logic is provided in the instructions, so a value that is not a plain identifier (for example a contract name containing quotes, braces, or Solidity statements) would be written into the generated file verbatim; contract names should be validated against Solidity identifier syntax and numeric parameters against the expected type before templating. The templates themselves encourage safe, established patterns such as OpenZeppelin's ReentrancyGuard and AccessControl; these mitigate runtime risks in the generated contracts but do not address the injection surface itself.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Configuration templates correctly reference environment variables (e.g., process.env.PRIVATE_KEY) rather than hardcoding sensitive credentials, following security best practices for credential management. The key still sits in plaintext on the developer's machine, so any .env file must be excluded from version control, and the variable should never be echoed in logs or error messages.
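The following is an added example, not code from the audited skill, of the validation step the INDIRECT_PROMPT_INJECTION finding says is missing: user-supplied contract name, symbol and supply are checked before they are interpolated into a Solidity template. The ERC20 template, the symbol convention (uppercase, at most 11 characters) and the reserved-word list are assumptions about what such a generator would emit; the identifier rule is Solidity's own.

```javascript
// Added example (not the skill's code): validate generator inputs before
// interpolating them into a generated Solidity file.

// Solidity identifier lexical rule; a name that passes this cannot contain
// quotes, braces, semicolons or whitespace, so it cannot break out of either
// the `contract X` position or the `"X"` string literal in the template.
const SOLIDITY_IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Partial list of Solidity keywords that would still produce invalid or
// surprising code even though they match the identifier regex (assumption:
// a real generator would use the full keyword list).
const RESERVED_WORDS = new Set([
  "contract", "function", "address", "uint256", "mapping", "import", "pragma",
  "constructor", "public", "private", "internal", "external", "returns",
  "return", "if", "else", "for", "while", "this", "super", "selfdestruct",
]);

// Token symbol convention assumed here: uppercase letters/digits, 1-11 chars.
const TOKEN_SYMBOL = /^[A-Z][A-Z0-9]{0,10}$/;
const UINT256_MAX = (1n << 256n) - 1n;

function validateContractInputs({ name, symbol, initialSupply }) {
  if (typeof name !== "string" || !SOLIDITY_IDENTIFIER.test(name)) {
    throw new Error(`contract name is not a Solidity identifier: ${JSON.stringify(name)}`);
  }
  if (RESERVED_WORDS.has(name)) {
    throw new Error(`contract name is a reserved word: ${name}`);
  }
  if (typeof symbol !== "string" || !TOKEN_SYMBOL.test(symbol)) {
    throw new Error(`token symbol is not a plain uppercase symbol: ${JSON.stringify(symbol)}`);
  }
  // Supply is taken as a decimal string so that "1e6", "-1", "0x.." or a
  // JavaScript number losing precision are all rejected rather than coerced.
  if (typeof initialSupply !== "string" || !/^[0-9]+$/.test(initialSupply)) {
    throw new Error(`initial supply must be a decimal digit string: ${JSON.stringify(initialSupply)}`);
  }
  const supply = BigInt(initialSupply);
  if (supply > UINT256_MAX) {
    throw new Error("initial supply exceeds uint256");
  }
  return { name, symbol, initialSupply: supply.toString() };
}

// Renders a minimal OpenZeppelin ERC20 (assumed template) from validated inputs.
function renderErc20(inputs) {
  const v = validateContractInputs(inputs);
  return `// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

contract ${v.name} is ERC20 {
    constructor() ERC20("${v.name}", "${v.symbol}") {
        _mint(msg.sender, ${v.initialSupply} * 10 ** decimals());
    }
}
`;
}

// Constructed sample input for a stand-alone run.
const SAMPLE_INPUT = { name: "MyToken", symbol: "MTK", initialSupply: "1000000" };
console.log(renderErc20(SAMPLE_INPUT));
```

A name such as `X"); selfdestruct(payable(msg.sender)); //` is rejected by the identifier check before the template is ever rendered, which is the property the audit finding leaves to the user.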
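As an added example for the DATA_EXPOSURE_AND_EXFILTRATION finding (not the skill's own configuration template), this is how a Hardhat network config can consume process.env.PRIVATE_KEY without either hardcoding the key or passing an undefined or malformed value through to the signer. The network name, the SEPOLIA_RPC_URL variable and the helper names are assumptions; the key format (0x-prefixed 32-byte hex, nonzero and below the secp256k1 group order) is the standard one.

```javascript
// Added example (not the skill's code): read the deployer key from the
// environment, validate it, and fail closed rather than deploying with an
// undefined or invalid key.

const PRIVATE_KEY_RE = /^0x[0-9a-fA-F]{64}$/;
// secp256k1 group order n; a valid private key is in [1, n-1].
const SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;

// Returns the accounts array for a network. Deliberately never includes the
// key material in the error message so a thrown error cannot leak it to logs.
function deployerAccounts(env) {
  const key = env.PRIVATE_KEY;
  if (key === undefined || key === "") {
    return []; // no key configured: network is usable read-only, deploys will fail clearly
  }
  if (typeof key !== "string" || !PRIVATE_KEY_RE.test(key)) {
    throw new Error("PRIVATE_KEY must be a 0x-prefixed 64-hex-character string");
  }
  const k = BigInt(key);
  if (k === 0n || k >= SECP256K1_N) {
    throw new Error("PRIVATE_KEY is outside the valid secp256k1 range");
  }
  return [key];
}

// Builds the `networks` section of a hardhat.config.js from an env object
// (pass process.env in the real config; a plain object here for testing).
function buildNetworks(env) {
  const accounts = deployerAccounts(env);
  return {
    hardhat: {},
    sepolia: {
      url: env.SEPOLIA_RPC_URL || "", // assumed variable name
      accounts,
    },
  };
}

// Constructed sample environment for a stand-alone run (not a real key).
const SAMPLE_ENV = {
  PRIVATE_KEY: "0x" + "11".repeat(32),
  SEPOLIA_RPC_URL: "https://rpc.example.invalid",
};
console.log(JSON.stringify({ ...buildNetworks(SAMPLE_ENV), sepolia: { accounts: "[redacted]" } }));
// In hardhat.config.js: module.exports = { solidity: "0.8.20", networks: buildNetworks(process.env) };
```

The usual template shortcut `accounts: [process.env.PRIVATE_KEY]` produces an array containing `undefined` when the variable is unset; the helper above returns an empty list instead, and rejects a value that would be silently mis-parsed by the signer.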
Audit Metadata