The Agent Skills Directory

COMMAND_EXECUTION (MEDIUM): The skill constructs bash commands (e.g., fdx call getX402Content --url <url>) by interpolating the URL parameter. If the input URL is not strictly sanitized, an attacker can execute arbitrary shell commands using metacharacters such as ;, &&, or backticks.
DATA_EXFILTRATION (MEDIUM): While the skill is intended for payments, a malicious prompt or indirect injection could trick the agent into authorizing payments to an attacker-controlled endpoint, effectively exfiltrating financial assets.
PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
Ingestion points: Untrusted data enters the agent context via the --url parameter in the getX402Content command.
Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore instructions embedded in the fetched content.
Capability inventory: The skill has access to fdx call for financial transactions and sensitive wallet information via getWalletOverview.
Sanitization: Absent. The skill does not describe any validation or escaping of the content retrieved from the remote URL before returning it to the human or processing it further.

pay-for-service