The Agent Skills Directory

[SAFE]: The skill is authored by OpenZeppelin and focuses on assisting developers with their official libraries. It correctly references official vendor resources, including GitHub repositories (github.com/OpenZeppelin/*) and documentation domains (docs.openzeppelin.com), which are handled as trusted sources.
[PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface as it is designed to ingest and process untrusted user-provided smart contract files (.sol, .cairo, .rs) to provide integration assistance. 1. Ingestion points: The skill instructs the agent to read project files using Glob and Read tools (SKILL.md). 2. Boundary markers: No specific delimiters or safety instructions are defined for wrapping ingested code. 3. Capability inventory: The skill utilizes the Edit tool to modify files and can interface with MCP generator tools. 4. Sanitization: The instructions do not specify validation or sanitization of the user-provided contract code. This surface is inherent to the skill's primary purpose as a code integration assistant and does not indicate malicious intent.

develop-secure-contracts