yield-agentkit-moonpay
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to process transaction data using dynamic Node.js script execution (node -e). This script incorporates JSON data fetched from the Yield.xyz API. If the API returns malicious content designed to escape the JavaScript object literal inside the shell command string, it could lead to arbitrary code execution on the user's host machine.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @moonpay/cli package from the npm registry. While MoonPay is a well-known service, installing third-party global packages increases the attack surface of the local environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the Yield.xyz API (e.g., protocol names and metadata) and uses it to drive agent logic and financial transactions. Maliciously crafted data in the external database could attempt to manipulate the agent's actions.
  - Ingestion points: Data enters the context through the yields_get_all, yields_get, yields_get_validators, and yields_get_balances tools defined in SKILL.md.
  - Boundary markers: The skill uses markdown tables for output but does not instruct the agent to ignore potential commands embedded in the fetched data.
  - Capability inventory: The agent has high-privilege capabilities to sign and broadcast blockchain transactions via the MoonPay MCP (transaction_sign, transaction_send).
  - Sanitization: No explicit sanitization or validation of the remote API data is performed before it is used in subsequent tool calls or transaction building.
- [REMOTE_CODE_EXECUTION]: The setup instructions direct the user to add a remote MCP server located at https://mcp.yield.xyz/mcp. This delegates tool processing to a remote endpoint, which introduces a dependency on the security and availability of that external server.
Audit Metadata