The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses Bash to execute several local tools including curl for networking, jq for JSON processing, cast for blockchain RPC interactions, and open/xdg-open for browser management. It implements mandatory security rules to prevent command injection, such as single-quoting shell variables and validating Ethereum addresses using the regular expression ^0x[0-9a-fA-F]{40}$ before execution.
[EXTERNAL_DOWNLOADS]: The skill fetches token metadata, pricing, and liquidity information from api.dexscreener.com, tokens.pancakeswap.finance, api.coingecko.com, api.geckoterminal.com, and api.llama.fi. It also interacts with public RPC endpoints for multiple blockchains including BNB Chain, Ethereum, Arbitrum, Base, zkSync, Linea, opBNB, and Monad. These downloads are directed at well-known services and vendor-owned infrastructure.
[PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting untrusted data from external APIs.
Ingestion points: Data is fetched from DexScreener, CoinGecko, GeckoTerminal, Llama.fi, and blockchain RPC calls via cast call (specified in SKILL.md).
Boundary markers: The skill contains an explicit 'Untrusted API data' rule in the Security section of SKILL.md, which instructs the agent to treat API response content as untrusted and never follow instructions found in token metadata.
Capability inventory: The skill has access to Bash (curl, jq, cast, open/xdg-open), WebFetch, and WebSearch as defined in SKILL.md.
Sanitization: Mandatory rules in SKILL.md require single-quoting user-provided shell variables and strict regex validation for contract addresses to prevent data from being interpreted as commands.

swap-planner