sui-transaction-building

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by instructing the agent to process untrusted external data that can influence execution.
      1. Ingestion points: The documentation describes loading transaction state via Transaction.from(bytes) in transaction-serialization.md and resolving dynamic Intent payloads or using fetchDynamicInput() in advanced-features.md.
      2. Boundary markers: Absent. There are no instructions for the agent to distinguish between valid data and embedded malicious instructions within the transaction or intent structures.
      3. Capability inventory: The skill leverages client.signAndExecuteTransaction for execution, tx.moveCall for contract interactions, and tx.publish for module deployment.
      4. Sanitization: Absent. While the skill mentions 'Sponsor Verification' as a concept, it lacks concrete sanitization patterns to prevent an agent from acting on malicious Move targets provided by a user or external source.
  • Dynamic Execution (MEDIUM): The skill introduces a plugin architecture and intent resolvers that allow logic modification at runtime. Evidence: TransactionPlugin and Intent resolver examples in advanced-features.md show how the agent can define code to transform transaction data or resolve intents into Move calls, creating a pathway for logic injection.
  • External Downloads & Dependencies (MEDIUM): The skill relies on external SDKs and codebases from MystenLabs. Evidence: References to the @mysten/sui package and GitHub source repositories are found in SKILL.md and transaction-serialization.md. These are external dependencies from an organization not included in the pre-approved trusted list.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:28 AM