
dojo-deploy

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The deploy_local.sh script exposes an indirect injection surface: it reads values from a manifest_<profile>.json file and interpolates them directly into shell commands without sanitization, so whoever can write that manifest can influence what the script executes.
  • Ingestion points: manifest_${PROFILE}.json is parsed with jq in the extract_addresses and start_torii functions.
  • Boundary markers: none; extracted values such as WORLD_ADDRESS are passed straight through as arguments to shell commands.
  • Capability inventory: subprocess execution of torii and katana via bash.
  • Sanitization: none; values extracted from the manifest are neither validated nor escaped before they reach the shell.
  • [COMMAND_EXECUTION]: The skill uses the standard Dojo toolchain commands sozo, katana, and torii to manage deployments and local development environments. The bundled bash script automates these steps, including background service management and cleanup.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to well-known infrastructure such as the Cartridge RPC endpoints (api.cartridge.gg) and the official Starknet faucets. It also uses curl for local service health checks.
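The PROMPT_INJECTION finding above is easiest to judge with the two shapes side by side. The script below is an added example written for this page; it is not the skill's deploy_local.sh and does not reproduce its code. It assumes a manifest whose world address lives at .world.address and a torii invocation of the form torii --world <address>; both are assumptions, and the two manifests are constructed here (the hostile one carries only a harmless echo). The unsafe function shows what happens when a manifest value is spliced into a command string; the safe function adds the check a practitioner would want, accepting only a 0x-prefixed hex felt before handing it to the tool as a single quoted argument.

```shell
#!/usr/bin/env sh
# Added example: validating a manifest-sourced world address before it reaches the shell.
set -eu

# Constructed manifests (not real Dojo output). The second carries a benign payload.
SAFE_MANIFEST='{"world":{"address":"0x04a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5061728394a5b6c7d8e9"}}'
HOSTILE_MANIFEST='{"world":{"address":"0x1234 --rpc http://attacker.example; echo INJECTED"}}'

# Accept only a Starknet felt-style address: "0x" followed by 1..64 hex digits.
validate_address() {
  case "$1" in
    0x*) ;;
    *) return 1 ;;
  esac
  hex="${1#0x}"
  [ -n "$hex" ] && [ "${#hex}" -le 64 ] || return 1
  case "$hex" in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
  return 0
}

# Pull .world.address out of a manifest string (assumed layout). Uses jq when
# installed, as the audited script does, with a crude sed fallback so the demo runs offline.
extract_world_address() {
  if command -v jq >/dev/null 2>&1; then
    printf '%s' "$1" | jq -r '.world.address'
  else
    printf '%s' "$1" | sed -n 's/.*"address"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
  fi
}

# Vulnerable shape from the finding: the manifest value is spliced into a command
# string that a shell re-parses. We echo the torii command instead of running it,
# so the only side effect of the hostile manifest is the extra INJECTED line.
start_torii_unsafe() {
  addr=$(extract_world_address "$1")
  sh -c "echo torii --world $addr"
}

# Hardened shape: validate the value, then pass it as one quoted argument so the
# shell never re-parses it. Returns 1 and starts nothing if the manifest is bad.
start_torii_safe() {
  addr=$(extract_world_address "$1")
  if ! validate_address "$addr"; then
    echo "refusing to start torii: bad world address in manifest" >&2
    return 1
  fi
  echo torii --world "$addr"
}

# Stand-alone demo.
start_torii_unsafe "$HOSTILE_MANIFEST"          # second line of output is INJECTED
start_torii_safe "$HOSTILE_MANIFEST" || true    # rejected with a message on stderr
start_torii_safe "$SAFE_MANIFEST"               # torii --world 0x04a1...d8e9
```

The same length and character-set check applies to every other value the script lifts from the manifest (class hashes, contract addresses) before it is used as a katana or torii argument; the rule is to validate at the ingestion point and never let the shell re-parse a string that came from a file.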
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 09:28 PM