nostr-zap-integration

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is primarily instructional, providing code snippets for protocol implementation. It correctly identifies security risks inherent in the protocol, such as forged zap receipts and P2PK key management, and provides mitigations.
  • [EXTERNAL_DOWNLOADS]: The skill references the standard @cashu/cashu-ts library for Cashu integration and describes legitimate network operations using fetch() to interact with LNURL endpoints as required by the NIP-57 protocol.
  • [SAFE]: (Indirect Prompt Injection) The skill processes external data from LNURL servers and Nostr relays.
    1. Ingestion points: LNURL JSON responses and Nostr event tags (kinds 10019, 9321, 9735) in SKILL.md and reference files.
    2. Boundary markers: Explicit checks for protocol support (allowsNostr) and key validation (nostrPubkey) are recommended in the code examples.
    3. Capability inventory: The skill's logic is limited to network requests (fetch) for protocol communication; no file system access, subprocess execution, or arbitrary command execution capabilities are present.
    4. Sanitization: Code snippets include validation for JSON structure, cryptographic keys, and payment amounts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 05:26 PM