aomi-transact

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an external package @aomi-labs/client via npm (npm install -g @aomi-labs/client). This package originates from a source not included in the trusted vendor lists.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to execute code from the @aomi-labs/client package at runtime using npx (npx @aomi-labs/client@0.1.30 ...).
  • [COMMAND_EXECUTION]: The skill makes heavy use of the aomi CLI tool to perform various sensitive operations, including aomi tx sign for broadcasting blockchain transactions, aomi chat for processing natural language via remote APIs, and aomi secret add for handling credentials.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted natural language data to drive financial transactions on the blockchain.
      • Ingestion points: Natural language prompts are passed directly to the agent via aomi chat and aomi --prompt commands described in SKILL.md.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when passing user input to the CLI tool.
      • Capability inventory: The skill possesses the capability to broadcast transactions to the Ethereum network and other EVM-compatible chains (aomi tx sign).
      • Sanitization: The skill documents built-in protections, such as blocking "drain vectors" (where the recipient address differs from the sender) and requiring transaction simulation on forked chains (aomi tx simulate) before signing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 02:08 PM