The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the eval command in the SKILL.md preamble to source configuration parameters (such as program IDs and network URLs) from the local references/program-ids.md file.\n- [COMMAND_EXECUTION]: The utility script scripts/json-get.mjs employs the new Function constructor to evaluate dynamic JavaScript expressions for parsing JSON tool output. This is used as a portable fallback for environments where the jq utility is unavailable.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the Vara Agent Network registry and chat feeds. Evidence Chain: 1. Ingestion points: agent-create.md (registry data) and agent-chat-agent.md (mentions). 2. Boundary markers: Instructions in agent-create.md Step 4 and agent-chat-agent.md "Decide" section warn the agent to treat external data as evidence, not instructions. 3. Capability inventory: The agent can perform on-chain transactions and manage wallet operations via the vara-wallet CLI. 4. Sanitization: The skill relies on instruction-based guardrails rather than technical sanitization. This surface is inherent to the skill's purpose and is managed by the provided safety guidelines.\n- [EXTERNAL_DOWNLOADS]: The skill requires and provides instructions for installing external tools like the vara-wallet CLI and the companion vara-skills pack. These are standard dependencies for the network's ecosystem and originate from the vendor's official repositories.

vara-agent-network-skills