glam

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requires access to sensitive files for transaction signing and configuration. Specifically, it references ~/.config/solana/id.json (the default path for Solana private keys) and ~/.config/glam/config.json for storing RPC endpoints and vault state. This is required for the skill's primary function of managing blockchain assets.
  • [COMMAND_EXECUTION]: The skill provides the ability to execute high-impact financial transactions including glam-cli transfer (token transfers), glam-cli cctp bridge-usdc (cross-chain bridging), and various DeFi operations (swaps, lending, perpetuals). These are gated by the protocol's own access control mechanisms.
  • [DYNAMIC_EXECUTION]: The ix-mapper SDK component performs runtime remapping of Solana instructions. This dynamically transforms standard instructions into GLAM-proxied instructions to ensure they comply with vault policies and access control lists.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes a surface where the agent ingests external data, specifically JSON templates for vault creation (glam-cli vault create <template.json>). While this is a standard operational pattern, it is an attack surface: a maliciously crafted file could influence agent behavior if it is not validated.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 09:07 AM