The Agent Skills Directory

Credentials Unsafe (MEDIUM): The skill generates and stores blockchain private keys in ~/.secrets/gigaverse-private-key.txt. While the scripts set restricted file permissions (chmod 600), the keys are stored in plain text on the local filesystem.
Command Execution (MEDIUM): In scripts/auth.sh and scripts/setup-wallet.sh, the private key is passed as a string literal to a node -e command. This makes the sensitive private key visible to any user or process on the system capable of viewing the process list (e.g., via the ps command).
Data Exposure (LOW): The skill accesses the sensitive hidden directory ~/.secrets/ to manage wallet credentials.
Indirect Prompt Injection (LOW): The skill processes data from external game APIs (gigaverse.io) to track game state and loot. This represents a potential attack surface where a compromised API could influence agent decision-making.
Ingestion points: API responses from https://gigaverse.io/api processed in HEARTBEAT.md and references/run-tracking.md.
Boundary markers: None identified.
Capability inventory: Shell execution (curl, node), signing blockchain messages, and sending ETH transactions via purchase-juice.ts.
Sanitization: Relies on jq for structural parsing but does not explicitly sanitize string content from the API.

gigaverse