technical-walkthrough-diagram

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill executes a bundled JavaScript file, ./scripts/fluxa-cli.bundle.js, for its core functionality, and nothing verifies that bundle before it runs. Bundled scripts are opaque, so malicious logic inside them is hard to spot in review.
  • CREDENTIALS_UNSAFE (HIGH): The skill explicitly targets and manages sensitive credentials, including JWT tokens and agent IDs, stored in ~/.fluxa-ai-wallet-mcp/.agent-config.json. Its instructions direct the agent to handle these credentials without any user intervention.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill communicates with the untrusted domains proxy-monetize.fluxapay.xyz and ava-agent.fluxapay-qa.xyz. Neither is in the trusted external sources, so traffic to them is a potential channel for data exfiltration and for unverified tool responses.
  • PROMPT_INJECTION (LOW): The skill is exposed to indirect prompt injection (Category 8) because it uses the webfetch_magic tool to ingest arbitrary content from external URLs without sanitization or boundary markers. That untrusted content is then used to generate diagrams and posts, so an attacker who controls fetched documentation could steer the agent with embedded instructions. Mandatory evidence chain for Category 8:
      1. Ingestion points: webfetch_magic tool (SKILL.md).
      2. Boundary markers: absent.
      3. Capability inventory: filesystem access via fluxa-cli.bundle.js, shell execution, and network operations.
      4. Sanitization: none identified.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:34 PM