The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses local system utilities to perform mathematical conversions between human-readable token amounts and wei units.
Evidence: Step 3 in SKILL.md directs the agent to execute python3 -c "print(int(AMOUNT * 10**DECIMALS))" or echo "AMOUNT * 10^DECIMALS" | bc.
Risk: The variables AMOUNT (from user input) and DECIMALS (from external APIs) are interpolated directly into the command string. If these inputs contain shell metacharacters or malicious Python code, it could lead to arbitrary command execution on the host system.
[PROMPT_INJECTION]: The skill's workflow exposes a surface for indirect prompt injection through the ingestion of external data.
Ingestion points: Data is retrieved from the KyberSwap Token API, the CoinGecko API, and user input during the token resolution and quote process.
Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing these external data points.
Capability inventory: The skill has the capability to execute shell commands and perform network requests via the WebFetch tool.
Sanitization: There is no explicit instruction to sanitize or validate the external data for numeric integrity before it is used in calculations or display.
[DATA_EXFILTRATION]: The skill initiates network requests to retrieve financial data and token safety status.
Evidence: WebFetch is used to communicate with kyberswap.com and coingecko.com.
Context: These requests are directed to the vendor's official endpoints and a well-known financial service provider. The activity is essential for the skill's primary function and does not involve the transmission of sensitive system files or credentials.

quote