cairo-contract-authoring

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is designed to promote secure smart contract development. It includes comprehensive instructions to ensure the agent follows security best practices, such as non-zero address checks in constructors and explicit access posture declarations for state mutations.
  • [COMMAND_EXECUTION]: The skill instructions include running standard development tools such as scarb build and snforge test. It also references an internal auditing script (audit_local_repo.py) used for security verification, which is appropriate for its intended purpose.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it reads user-provided Cairo source code from the file system.
      1. Ingestion points: Turn 1(b) in SKILL.md specifies reading existing contract files using Glob and Read tools.
      2. Boundary markers: The skill does not provide specific instructions for the agent to use delimiters or ignore instructions within the source code it reads.
      3. Capability inventory: The agent has access to Bash (shell execution), Write (file modification), and other file system tools.
      4. Sanitization: There are no explicit sanitization or validation steps for the content of the read files before processing. However, the skill includes robust defensive 'Rationalizations to Reject' instructions to prevent the agent from being coerced into implementing insecure patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 03:10 PM