The Agent Skills Directory

[CREDENTIALS_UNSAFE]: Multiple hardcoded private keys are included in the example files provided with the skill.
Evidence: Private key KzmFJcMXHufPNHixgHNwXBt3mHpErEUG6WFbmuQdy525DezYAi82 found in examples/brc77-private-sig.ts, bsm-sign-verify.ts, sigma-multi-sig.ts, and sigma-template.ts.
Evidence: Private key L1U5FS1PzJwCiFA43hahBUSLytqVoGjSymKSz5WJ92v8YQBBsGZ1 found in examples/brc77-private-sig.ts and sigma-multi-sig.ts.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of multiple third-party Node.js packages that are not on the trusted vendor list.
Evidence: Mentions and code usage of sigma-protocol, bsv-bap, and @bsv/sdk.
[EXTERNAL_DOWNLOADS]: Documentation describes a "Remote Signing" pattern which transmits message data and authentication credentials to arbitrary external URLs.
Evidence: references/sigma-advanced.md documents sigma.remoteSign using Authorization headers and api_key parameters against a user-specified host.
[COMMAND_EXECUTION]: The skill suggests running commands to install packages globally or add them as dependencies.
Evidence: npm install -g bsv-bap and bun add sigma-protocol in SKILL.md.
[PROMPT_INJECTION]: The skill processes untrusted blockchain data and transaction scripts, which presents an attack surface for indirect prompt injection.
Ingestion points: BitCom.decode and Sigma.decode methods in examples/sigma-template.ts and references/sigma-advanced.md process data directly from transactions.
Boundary markers: No explicit delimiters or instructions to ignore embedded content are present in the ingestion logic.
Capability inventory: The skill performs sensitive operations including cryptographic signing (sigma.sign) and verification (sigma.verify).
Sanitization: No logic for sanitizing or validating the input script chunks is mentioned.

message-signing