cybercentry-private-data-verification

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to send user-provided data to the vendor's infrastructure for cryptographic processing.
      • Evidence: The skill instructions use acp job create to transmit text data to the Cybercentry service at a fee of $1.00 USDC. The vendor-owned domain cybercentry.io is used for proof verification.
  • [EXTERNAL_DOWNLOADS]: The setup instructions require cloning a repository and installing dependencies from an external source.
      • Evidence: The skill directs the user to git clone https://github.com/Virtual-Protocol/openclaw-acp and execute npm install. This is the official repository for the Agent Communication Protocol (ACP) platform used by the skill.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its ingestion of data from remote service outputs.
      • Ingestion points: Untrusted data enters the agent context via the acp job status command and curl requests to verify.cybercentry.io, which provide the ZKP results and verification details.
      • Boundary markers: There are no technical boundary markers or system-level instructions provided to delimit remote tool outputs from agent instructions.
      • Capability inventory: The skill documentation includes examples of the agent executing shell commands (acp, curl, jq) and interacting with blockchain networks (cast send).
      • Sanitization: The skill provides extensive markdown-based warnings advising the user to sanitize input data (e.g., using hashes instead of raw text), though it lacks automated sanitization of the received service responses.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 04:23 AM