The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill relies on npx starkfi@latest to execute its functionality. This fetches the package from the NPM registry every time the skill is invoked, which is an external download from a non-whitelisted source.
[REMOTE_CODE_EXECUTION]: The use of npx with the @latest tag executes unverified remote code. This creates a supply chain risk where a compromise of the NPM package could lead to the execution of malicious code on the user's system.
[COMMAND_EXECUTION]: The skill uses the Bash tool to run CLI commands for blockchain transactions. User-provided parameters are interpolated into these shell commands.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through its command parameters. 1. Ingestion points: User-provided values for 'amount', 'validator', 'pool', and 'token' in SKILL.md. 2. Boundary markers: Absent; there are no delimiters or instructions to treat these inputs as data rather than instructions. 3. Capability inventory: The skill can execute shell commands via the Bash tool (e.g., 'stake', 'unstake'). 4. Sanitization: Absent; the skill does not specify any validation or escaping for the input parameters before they are passed to the shell.

staking