skills/ton-connect/kit/ton-cli/Gen Agent Trust Hub

ton-cli

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands via Bash using the npx @ton/mcp@alpha command prefix. The use of a wildcard (*) in the allowed tools pattern permits the agent to execute arbitrary sub-commands and arguments, which could lead to command injection if malicious input is provided.
  • [EXTERNAL_DOWNLOADS]: Utilizes npx to download and execute the @ton/mcp package from the npm registry. This is a vendor-owned package necessary for the skill's primary function.
  • [REMOTE_CODE_EXECUTION]: Employs npx to fetch and run remote code from the npm registry at runtime.
  • [DATA_EXFILTRATION]: Accesses the local configuration file at ~/.config/ton/config.json. This file contains sensitive information about registered wallets and is used by the tool to manage wallet identities.
  • [CREDENTIALS_UNSAFE]: The skill operates using sensitive credentials such as a 24-word MNEMONIC and hex-encoded PRIVATE_KEY passed via environment variables. These credentials provide administrative control over the wallet.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes data retrieved from the blockchain.
      • Ingestion points: Tools such as get_transactions and resolve_dns fetch data (comments, domain records) from the TON blockchain.
      • Boundary markers: None identified in the skill instructions.
      • Capability inventory: The skill has the capability to execute shell commands via the Bash tool.
      • Sanitization: No sanitization or validation of the retrieved blockchain data is specified before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:25 PM