defi-portfolio

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/portfolio.js uses dynamic import() statements to load logic from files located several directories above the skill's root (e.g., ../../../scripts/saturnswap-client.js). This practice of loading code from computed or relative paths outside the skill's package makes its behavior dependent on the environment's file structure and can lead to the execution of unverifiable code.
  • [PROMPT_INJECTION]: The skill retrieves and displays data from external blockchain protocols, such as token tickers and order types, which are printed directly to the console output. This constitutes an indirect prompt injection surface where malicious data stored on the blockchain could potentially influence the AI agent's behavior.
      • Ingestion points: Data fetched via saturnswap-client.js and strike-client.js and processed in scripts/portfolio.js.
      • Boundary markers: Absent; external blockchain data is output without clear delimiters or instructions for the agent to ignore embedded commands.
      • Capability inventory: Node.js script execution and dynamic module loading.
      • Sanitization: None; metadata from the blockchain (like token tickers) is interpolated directly into the console logs.
  • [DATA_EXFILTRATION]: While no explicit network exfiltration was detected, the skill is designed to aggregate and expose sensitive financial data, including specific wallet holdings, open orders, and leveraged positions, which increases the sensitivity of the agent's context and the risk of exposure if other malicious skills are present.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 22, 2026, 01:21 AM