evm-deployment

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | CREDENTIALS_UNSAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill explicitly instructs the agent to load sensitive credentials, including PRIVATE_KEY and ETHERSCAN_API_KEY, from a local .env file using source .env. Direct handling of private keys by an AI agent is a high-risk operation.
  • [Command Execution] (HIGH): Extensive use of shell commands via forge and cast for contract deployment, blockchain interaction, and local file system modification. This provides a broad attack surface for command injection if input parameters are not properly validated.
  • [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect injection because it processes local repository files to drive execution logic with high-privilege capabilities.
    • Ingestion points: Reads package.json for protocol detection and versioning; reads broadcast JSON files (run-latest.json) to extract contract addresses and block numbers.
    • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore potential commands embedded in metadata within the ingested files.
    • Capability inventory: Includes arbitrary command execution (forge script), blockchain writes (cast send), and file system writes (cp, updating deployments.ts).
    • Sanitization: Absent. Values extracted from JSON files are directly interpolated into shell commands and file paths without validation.
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): Uses bun install to fetch packages from the npm registry and forge script to execute Solidity code. These operations depend on the integrity of the external registry and the local file system.
  • [Dynamic Execution] (MEDIUM): Implements runtime execution of Solidity scripts via Foundry, which is the core functionality but allows for dynamic logic execution based on repo state.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:54 AM