midnight-deploy

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): Both the SKILL.md and scripts/deploy.sh explicitly recommend installing the 'compact' compiler by piping a remote script directly to the shell: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/midnightntwrk/compact/releases/latest/download/compact-installer.sh | sh". This organization is not on the Trusted GitHub Organizations list, making this a high-risk untrusted execution pattern.
  • EXTERNAL_DOWNLOADS (HIGH): The skill relies on downloading and executing binary installers from a non-whitelisted source (midnightntwrk on GitHub).
  • CREDENTIALS_UNSAFE (HIGH): The deploy script (scripts/deploy.sh) is designed to read a sensitive 12-word mnemonic phrase ('MY_PREVIEW_MNEMONIC') from a local '.env' file. Encouraging the storage and programmatic access of private mnemonics increases the risk of credential exposure.
  • COMMAND_EXECUTION (MEDIUM): The script executes dynamic 'npm run' commands (e.g., 'npm run build', 'npm run deploy:local') based on the project context. This allows for arbitrary code execution if a user is tricked into running the skill against a malicious project directory.
  • PROMPT_INJECTION (LOW): The skill has an attack surface for indirect prompt injection via the 'NETWORK' and 'CONTRACT_PATH' arguments in the deployment script. Evidence Chain: 1. Ingestion points: CLI arguments in scripts/deploy.sh. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls to 'npm', 'compactc', 'docker', and 'openssl'. 4. Sanitization: Absent; the script resolves paths but does not validate input content.
Recommendations
  • HIGH: Downloads and executes remote code from: https://github.com/midnightntwrk/compact/releases/latest/download/compact-installer.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 18, 2026, 09:17 PM