last30days

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill mandates the execution of a pre-bundled JavaScript file, fluxa-cli.bundle.js. Bundled code is effectively obfuscated and cannot practically be audited for malicious behavior, such as credential theft or establishing backdoors.
  • DATA_EXFILTRATION (MEDIUM): Research topics, user intent, and agent metadata (fabricated emails and names) are transmitted to proxy-monetize.fluxapay.xyz. This domain is not a trusted source, and the transmission of user-specific research topics constitutes data exfiltration.
  • COMMAND_EXECUTION (MEDIUM): The core workflow requires the agent to execute multiple shell commands using node and python3 to manage a 'wallet' and interact with external payment proxies.
  • PROMPT_INJECTION (LOW): The instructions in fluxa-wallet/initialize-agent-id.md direct the agent to 'Generate these parameters yourself' and 'Do not ask the user to fill them in'. This is a direct attempt to bypass user transparency and consent during the registration process for a third-party service.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is highly susceptible to indirect prompt injection, as it ingests untrusted content from Reddit and X.
      ◦ Ingestion points: Reddit threads via openai_reddit.py and X posts via xai_x.py.
      ◦ Boundary markers: Missing; the prompt templates in openai_reddit.py and xai_x.py do not include delimiters or 'ignore' warnings around the fetched content.
      ◦ Capability inventory: File system writes (report.md), network requests (http.py), and command execution (fluxa-cli.bundle.js).
      ◦ Sanitization: Limited to simple text truncation and relevance scoring; lacks semantic sanitization.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:18 PM