agentsats-cli

Fail

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains logic in src/services/ows-preview-setup.ts to clone an external Git repository (https://github.com/tony1908/core.git) and compile it using cargo build. The resulting binary is then executed to perform wallet signing operations.
  • [EXTERNAL_DOWNLOADS]: The wallet setup command initiates a download of source code from a repository (tony1908/core.git) that does not belong to a trusted organization or well-known service.
  • [COMMAND_EXECUTION]: The skill uses a command execution service (implemented in src/services/command-runner.ts using node:child_process) to run system utilities, including git and cargo, as well as the locally compiled ows binary.
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by fetching and displaying data from external APIs (defaulting to https://agentsats.stacksx402.com/). This data is returned to the agent as part of the command results.
  • Ingestion points: Data enters the context via API endpoint commands defined in src/commands/api.ts (e.g., twitter-profile, api-call).
  • Boundary markers: Results are structured as JSON objects with success and data fields, providing some separation, though the agent still processes the raw content of the data.
  • Capability inventory: The skill can execute external binaries and perform network operations.
  • Sanitization: There is no evidence of sanitization or filtering of the content received from the remote API before it is passed to the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 20, 2026, 09:08 PM
Security Audit — agent-trust-hub — agentsats-cli