
clankerkit

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The execute_transaction tool enables the AI agent to execute arbitrary contract calls on-chain. This provides maximum flexibility but also allows for the execution of malicious payloads if the agent's instructions are subverted.
  • [CREDENTIALS_UNSAFE]: The skill requires the AGENT_PRIVATE_KEY environment variable to function. Although the skill.json file correctly marks this as a secret, handling a raw private key in the agent's environment is a significant security responsibility for the user.
  • [DATA_EXFILTRATION]: Tools such as send_tokens, send_token, and swap_tokens allow for the movement of assets. A subverted agent could be manipulated via prompt injection to transfer funds to an attacker-controlled address.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external libraries and services to function:
      ◦ It uses the clankerkit SDK and viem for blockchain interactions.
      ◦ It communicates with the Monad RPC (https://rpc.monad.xyz) and external swap aggregators like KyberSwap and 0x API.
      ◦ These are documented as part of the primary wallet functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external data (token addresses, contract targets, and transaction data) that may come from untrusted sources.
      ◦ Ingestion points: Parameters like target, data, token, and amount in tools like execute_transaction and swap_tokens.
      ◦ Boundary markers: No explicit boundary markers or "ignore instructions" warnings are implemented in the tool definitions.
      ◦ Capability inventory: The skill possesses the ability to write to the blockchain, send funds, and execute arbitrary contract code across almost all tools in src/index.ts.
      ◦ Sanitization: The skill relies on the clankerkit SDK's internal PolicyEngine and viem for basic validation, but lacks higher-level sanitization for the intent behind the parameters.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 26, 2026, 04:16 PM