swarm-vault-manager-trading

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The execute-transaction command allows the agent to execute any smart contract function with arbitrary arguments or raw calldata.
  • Evidence: The skill documentation explicitly describes pnpm execute-transaction <swarmId> <templateJsonFile> using 'ABI Mode' or 'Raw Calldata Mode'.
  • Impact: If an attacker can influence the contents of the templateJsonFile, they can drain funds or interact with malicious contracts on behalf of all swarm members.
  • [REMOTE_CODE_EXECUTION] (HIGH): For a blockchain-focused AI agent, the ability to submit arbitrary calldata is the practical equivalent of RCE: it executes attacker-chosen, state-changing logic on a remote distributed virtual machine (the EVM), signed with the swarm's authority and irreversible once mined.
  • [DATA_EXPOSURE] (MEDIUM): The skill requires the SWARM_VAULT_API_KEY to be set in the environment. While necessary for operation, this credential grants full management access to all swarms and user wallets controlled by the account, and an environment variable is readable by every process and skill that runs in that same environment.
  • [DYNAMIC_EXECUTION] (MEDIUM): The skill uses a placeholder system (e.g., {{ethBalance}}, {{tokenBalance}}) to dynamically assemble transaction payloads at runtime.
  • Evidence: Template placeholders like {{percentage:tokenBalance:0xAddr:100}} are resolved before execution; the address and percentage fields of such a placeholder can be manipulated if they are not strictly validated against an expected form and range.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a large attack surface for indirect injection via the transaction template files it processes.
  • Ingestion points: templateJsonFile used in execute-transaction.
  • Boundary markers: Absent; the system appears to trust the content of the JSON file.
  • Capability inventory: High-privilege blockchain write operations (transfers, approvals, arbitrary calls).
  • Sanitization: Not documented; the use of placeholders implies that there are no hard-coded constraints on the resulting transaction structure.
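The two findings above (an untrusted template file feeding execute-transaction, and placeholders resolved without documented validation) are what a hardened template loader would have to address. The block below is an added example, written for this audit page and not code from the swarm-vault-manager-trading skill or from Gen Agent Trust Hub: it validates a template against an allowlist of target contracts, functions and selectors, resolves only the documented placeholder forms ({{ethBalance}}, {{tokenBalance:0xAddr}}, {{percentage:...:N}}) with a bounded percentage and a checked address, and refuses to expand placeholders inside raw calldata. The template shape ({to, mode, function, args, data, value}), the allowlists, the addresses and the wallet balances are hypothetical and constructed here; the two selectors are the real 4-byte selectors of ERC-20 transfer(address,uint256) and approve(address,uint256).

```javascript
// Added example, not the skill's own code. Template shape, allowlists,
// addresses and balances are hypothetical and constructed for illustration.

const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
const UINT_RE = /^\d+$/;
const HEX_RE = /^0x(?:[0-9a-fA-F]{2})*$/;
const PLACEHOLDER_RE = /^\{\{([^{}]+)\}\}$/; // an argument is all placeholder or none

// Hypothetical addresses used by the constructed templates and state.
const VAULT = "0x" + "11".repeat(20);
const RECIPIENT = "0x" + "22".repeat(20);
const UNKNOWN = "0x" + "33".repeat(20);

// Hypothetical allowlists: the only contracts and functions the agent may call.
const ALLOWED_TARGETS = new Set([VAULT]);
const ALLOWED_FUNCTIONS = new Set(["transfer(address,uint256)", "approve(address,uint256)"]);
const ALLOWED_SELECTORS = new Set(["0xa9059cbb", "0x095ea7b3"]); // ERC-20 transfer, approve

// Constructed wallet state, base units as BigInt.
const STATE = { ethBalance: 2000000000000000000n, tokenBalance: { [VAULT]: 10000n } };

function fail(msg) {
  throw new Error(`template rejected: ${msg}`);
}

// Resolve one placeholder expression. Only the documented forms are accepted
// (ethBalance, tokenBalance:<addr>, percentage:<source>:<1-100>); anything else
// is rejected instead of being passed through into the transaction.
function resolvePlaceholder(expr, state) {
  const parts = expr.split(":");
  if (parts.length === 1 && parts[0] === "ethBalance") return state.ethBalance;
  if (parts.length === 2 && parts[0] === "tokenBalance") {
    if (!ADDRESS_RE.test(parts[1])) fail(`bad token address in ${expr}`);
    const bal = state.tokenBalance[parts[1].toLowerCase()];
    if (bal === undefined) fail(`unknown token in ${expr}`);
    return bal;
  }
  if (parts[0] === "percentage" && (parts.length === 3 || parts.length === 4)) {
    const pctStr = parts[parts.length - 1];
    if (!/^\d{1,3}$/.test(pctStr)) fail(`bad percentage in ${expr}`);
    const pct = BigInt(pctStr);
    if (pct < 1n || pct > 100n) fail(`percentage out of range in ${expr}`);
    const base = resolvePlaceholder(parts.slice(1, -1).join(":"), state);
    return (base * pct) / 100n;
  }
  return fail(`unknown placeholder ${expr}`);
}

// An argument is a literal address, a literal unsigned integer, or exactly one
// placeholder. A placeholder glued to other characters is rejected.
function resolveArg(arg, state) {
  if (typeof arg !== "string") fail("arguments must be strings");
  const m = PLACEHOLDER_RE.exec(arg);
  if (m) return resolvePlaceholder(m[1], state).toString();
  if (ADDRESS_RE.test(arg) || UINT_RE.test(arg)) return arg;
  return fail(`unrecognised argument ${arg}`);
}

// Validate a template and return the normalised transaction, or throw.
function validateTemplate(tpl, state = STATE) {
  if (!tpl || typeof tpl !== "object") fail("template is not an object");
  if (typeof tpl.to !== "string" || !ADDRESS_RE.test(tpl.to)) fail("bad target address");
  const to = tpl.to.toLowerCase();
  if (!ALLOWED_TARGETS.has(to)) fail(`target ${to} not allowlisted`);
  const value = resolveArg(tpl.value ?? "0", state);
  if (!UINT_RE.test(value)) fail("value must be an unsigned integer");
  if (BigInt(value) > state.ethBalance) fail("value exceeds ETH balance");
  if (tpl.mode === "abi") {
    if (!ALLOWED_FUNCTIONS.has(tpl.function)) fail(`function ${tpl.function} not allowlisted`);
    const params = tpl.function.slice(tpl.function.indexOf("(") + 1, -1);
    const arity = params === "" ? 0 : params.split(",").length;
    if (!Array.isArray(tpl.args) || tpl.args.length !== arity) fail("argument count mismatch");
    return { to, value, mode: "abi", function: tpl.function, args: tpl.args.map((a) => resolveArg(a, state)) };
  }
  if (tpl.mode === "raw") {
    // Placeholders are never expanded inside raw calldata: a "{{...}}" in the
    // data fails the hex check, and the selector must be allowlisted.
    if (typeof tpl.data !== "string" || !HEX_RE.test(tpl.data)) fail("calldata is not hex");
    if (!ALLOWED_SELECTORS.has(tpl.data.slice(0, 10).toLowerCase())) fail("selector not allowlisted");
    return { to, value, mode: "raw", data: tpl.data.toLowerCase() };
  }
  return fail(`unknown mode ${tpl.mode}`);
}

// Constructed templates: two legitimate, three that an attacker might plant in the file.
const SAMPLE_TEMPLATES = {
  ok: { to: VAULT, mode: "abi", function: "transfer(address,uint256)",
        args: [RECIPIENT, `{{percentage:tokenBalance:${VAULT}:50}}`] },
  rawOk: { to: VAULT, mode: "raw", data: "0x095ea7b3" + "00".repeat(64) },
  unknownTarget: { to: UNKNOWN, mode: "raw", data: "0xa9059cbb" + "00".repeat(64) },
  badPlaceholder: { to: VAULT, mode: "abi", function: "approve(address,uint256)",
                    args: [RECIPIENT, `{{tokenBalance:${VAULT}}}99`] },
  overdraw: { to: VAULT, mode: "abi", function: "transfer(address,uint256)",
              args: [RECIPIENT, "1"], value: "{{percentage:ethBalance:150}}" },
};

// Run every sample template through the validator and collect the verdicts.
function checkAll(templates = SAMPLE_TEMPLATES, state = STATE) {
  const results = {};
  for (const [name, tpl] of Object.entries(templates)) {
    try {
      results[name] = { accepted: true, tx: validateTemplate(tpl, state) };
    } catch (err) {
      results[name] = { accepted: false, reason: err.message };
    }
  }
  return results;
}

console.log(JSON.stringify(checkAll(), null, 2));
```

The design point is that the boundary the audit finds absent is placed at the file: nothing from the template reaches a signer until its target, function or selector, argument shapes and resolved amounts have each been checked against values the operator chose in advance, and a placeholder that does not match one of the documented forms exactly is an error, not a passthrough.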
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 11:36 PM