arcium-program-development

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The SKILL.md and implementation-playbook.md files mandate a 'Definition of Done' that includes executing a Python script from a hardcoded absolute local path (/Users/grisahudozestvennyj/.codex/skills/.system/skill-creator/scripts/quick_validate.py). Instructing an agent to run a script from a specific user's home directory is a significant security risk: it ties the skill to one machine and executes code that is neither shipped with the skill nor verified before it runs.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill supports 'CircuitSource::OffChain', which allows the agent to fetch Arcis circuit artifacts from external URLs. This creates a significant 'Indirect Prompt Injection' surface where malicious code or instructions can be introduced via remote artifacts. Ingestion points: CircuitSource::OffChain URLs. Boundary markers: Absent. Capability inventory: arcium build/test, cargo check. Sanitization: Absent.
  • [COMMAND_EXECUTION] (MEDIUM): The skill provides instructions for the agent to execute powerful build and test commands (arcium build, arcium test, cargo check). When these commands are run on code fetched from untrusted external sources, they pose a risk of exploitation via the build toolchain.
  • [DATA_EXPOSURE] (LOW): The skill deals with sensitive cryptographic material like x25519 keys and nonces. While part of the protocol, providing templates for handling them increases the risk of accidental exposure if the agent or user is not careful with logs or local state.
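The first two findings above are mechanically detectable in a skill's markdown before an agent ever loads it: an interpreter invoked on a path rooted in a user's home directory, and a remote artifact URL with no content hash beside it. The following checker is an added example written for this page; it is not code from the audited skill or from the Gen Agent Trust Hub. The sample SKILL.md text is constructed (only the quick_validate.py path is taken from the finding above, and the example.invalid URLs and sha256 pin are made up), and the `verify_artifact` helper assumes the skill author pins each OffChain circuit source to a SHA-256 digest, which the audited skill does not do.

```python
"""Static checks for an agent skill's markdown instructions (example code, not the skill's own).

Flags two of the audit's HIGH findings:
  REMOTE_CODE_EXECUTION  an interpreter invoked on a script under a hardcoded user home path
  EXTERNAL_DOWNLOADS     an http(s) artifact URL with no SHA-256 pin on the same line
and shows the mitigation for the second: verify a fetched artifact against its pin
before handing it to the build toolchain.
"""
import hashlib
import re
from dataclasses import dataclass

# Absolute paths rooted in a specific user's home directory (macOS, Linux, Windows).
USER_HOME_PATH = re.compile(
    r"(?:/Users/[^/\s]+|/home/[^/\s]+|[A-Za-z]:\\Users\\[^\\\s]+)[^\s'\"`]*"
)
# Any http(s) URL, stopping at whitespace, quotes, backticks or brackets.
REMOTE_URL = re.compile(r"https?://[^\s'\"`<>)]+")
# A 64-hex-digit SHA-256 digest on the same line as the URL counts as a pin.
SHA256_PIN = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)
# Interpreters/shells that would execute the file whose path follows them.
EXEC_PREFIX = re.compile(r"\b(python3?|bash|sh|node|source)\s+")


@dataclass(frozen=True)
class Finding:
    category: str  # REMOTE_CODE_EXECUTION or EXTERNAL_DOWNLOADS
    line: int      # 1-based line number in the skill file
    detail: str    # the offending path or URL


def audit_skill_text(text: str) -> list[Finding]:
    """Scan skill markdown line by line and return the findings in file order."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in USER_HOME_PATH.finditer(line):
            # Only report the path when something on the line executes it.
            if EXEC_PREFIX.search(line[: m.start()]):
                findings.append(Finding("REMOTE_CODE_EXECUTION", lineno, m.group(0)))
        for m in REMOTE_URL.finditer(line):
            # A URL with no digest beside it is an unverifiable ingestion point.
            if not SHA256_PIN.search(line):
                findings.append(Finding("EXTERNAL_DOWNLOADS", lineno, m.group(0)))
    return findings


def verify_artifact(data: bytes, expected_sha256: str) -> bool:
    """Accept a fetched circuit artifact only if its SHA-256 matches the pinned digest.

    The pin must come from the skill or its lockfile, never from the same remote
    location the artifact was fetched from.
    """
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


# Constructed sample skill file for demonstration (not the audited SKILL.md).
SAMPLE_SKILL_MD = """\
# Definition of Done
Run `python /Users/grisahudozestvennyj/.codex/skills/.system/skill-creator/scripts/quick_validate.py`
Fetch the circuit from https://example.invalid/circuits/add.arcis and build it.
Fetch https://example.invalid/circuits/mul.arcis sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Then run `arcium build` and `arcium test`.
"""

if __name__ == "__main__":
    for f in audit_skill_text(SAMPLE_SKILL_MD):
        print(f"[{f.category}] line {f.line}: {f.detail}")
```

On the sample above the checker reports the interpreter call on line 2 and the unpinned add.arcis URL on line 3, and stays silent on the pinned mul.arcis line. Running such a check in CI for a skills repository, and calling `verify_artifact` on every OffChain fetch before `arcium build` or `cargo check` sees the bytes, addresses the two HIGH findings without changing the skill's workflow.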
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:10 AM