NYC

endaoment

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill exhibits a significant attack surface for indirect prompt injection via the Endaoment API.
    • Ingestion points: Charity names and descriptions are fetched from https://api.endaoment.org/v1/orgs and https://api.endaoment.org/v1/orgs/ein/ in scripts/search.sh.
    • Boundary markers: None present. The data is presented as raw text directly to the agent context.
    • Capability inventory: The skill possesses the capability to execute financial transactions (USDC donations) on the Base network via scripts/donate.sh and the Bankr tool.
    • Sanitization: None. Descriptions are truncated to 200 characters but are not filtered for malicious instructions. An attacker could use a charity's description field to perform a prompt injection attack, potentially tricking the agent into donating to an incorrect address or increasing the donation amount.
  • [Command Execution] (LOW): The scripts/donate.sh script relies on a relative path or environment variable to locate and execute an external dependency (Bankr skill script). While functional, this creates a reliance on specific local environment structures.
  • [External Downloads] (LOW): The skill performs network requests to non-whitelisted domains (api.endaoment.org and mainnet.base.org). Per [TRUST-SCOPE-RULE], while these are required for functionality, they are not from the trusted sources list.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:56 AM