The Agent Skills Directory

[Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection through the ingestion of untrusted transaction data from external APIs. * Ingestion points: nft-minting.md (/api/mint) and payments.md (/api/payments/create). * Boundary markers: Absent. * Capability inventory: solana.signAndSendTransaction and solana.signMessage allow for direct movement of funds or authorization. * Sanitization: Absent. Transaction data received as base64 strings from remote endpoints is signed and broadcast without validation or human-in-the-loop verification.
[External Downloads] (MEDIUM): The documentation promotes runtime execution of third-party templates using npx. * Evidence: browser-sdk.md suggests npx -y create-solana-dapp@latest -t solana-foundation/templates/community/phantom-embedded-js. * Risk: This pattern executes unverified code from solana-foundation, which is not within the defined list of trusted organizations.
[Command Execution] (LOW): Standard usage of package managers for installing development dependencies. * Evidence: Multiple instances of npm install and npx expo install for Solana and Phantom SDKs.

phantom-connect