The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on the bankr CLI and jq for core operations.
Executes bankr prompt to facilitate ETH bridging from Base to Mainnet and to submit registration transactions to Ethereum.
Uses jq to parse JSON responses from RPC providers and Pinata.
[EXTERNAL_DOWNLOADS]: Fetches external data from the Ethereum blockchain and decentralized storage.
Queries Ethereum JSON-RPC endpoints (Alchemy, LlamaRPC) to retrieve on-chain agent metadata.
Downloads agent registration files from IPFS via Pinata and ipfs.io gateways, or from arbitrary HTTP URLs provided in the registry.
[DATA_EXFILTRATION]: Uploads agent registration data to Pinata Cloud.
The upload-to-ipfs.sh script sends JSON profile data to api.pinata.cloud using a user-supplied PINATA_JWT for authentication.
[REMOTE_CODE_EXECUTION]: Utilizes node -e for dynamic data processing.
Executes short Node.js snippets to encode Ethereum ABI calldata and decode hex strings returned from contract calls.
[PROMPT_INJECTION]: Vulnerable to indirect prompt injection through external profile ingestion.
Ingestion points: scripts/get-agent.sh fetches agent profiles from attacker-controlled or third-party IPFS CIDs and HTTP URLs.
Boundary markers: Absent; the fetched profile content is printed directly to the console or processed as JSON without instruction-filtering.
Capability inventory: The agent has the ability to move funds (bridge ETH) and modify identity registries via the bankr tool.
Sanitization: Profiles are formatted via jq for display, but no sanitization of natural language instructions within the metadata is performed.

erc-8004