The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves agent metadata and URIs from the blockchain. Since this data is provided by external users, it could contain malicious instructions meant to override the agent's behavior.
Ingestion points: The get and get-metadata subcommands in identity.ts fetch data from the ERC-8004 identity registry.
Boundary markers: No specific delimiters or instructions are used to prevent the agent from obeying instructions embedded within the fetched metadata.
Capability inventory: The skill allows the agent to perform on-chain transactions, transfer NFTs, and modify identity settings via identity.ts.
Sanitization: The skill validates that input metadata is hex-encoded, but does not sanitize the resulting decoded content for potential natural language instructions.

identity