The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection as it ingests untrusted data (Contract ABIs) to generate executable handler code.
Ingestion points: Contract ABIs located in packages/indexer/abis/.
Boundary markers: None present in the instructions to prevent the model from following instructions embedded in JSON/ABI comments.
Capability inventory: File system access via cp, and shell command execution via pnpm.
Sanitization: No explicit sanitization of ABI fields before interpolation into code templates.
[Command Execution] (LOW): The skill instructs the agent to execute shell commands such as pnpm dev and pnpm start to run the generated indexer, and curl for local health checks. These are standard development operations but should be performed in a sandboxed environment.
[Data Exposure] (SAFE): The skill references .env files for RPC URLs (e.g., PONDER_RPC_URL_84532). This is standard practice for blockchain indexing and does not include hardcoded secrets or unauthorized exfiltration patterns.

ponder-gen