fd-agentic-commerce

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Categories flagged: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill collects and transmits Personally Identifiable Information (PII), including the user's full name, email address, and physical shipping address, to external merchant URLs via curl requests. This behavior is the intended purpose of the checkout functionality and is governed by internal safety rules requiring user confirmation before payment.
  • [COMMAND_EXECUTION]: The skill runs curl as a system command for all HTTP interactions with merchant endpoints and invokes the fdx CLI tool for wallet authentication and payment authorization, as described in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of the @financedistrict/fdx Node.js package, which is a vendor-provided utility for wallet management and payment signing.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted data from external sources.
      • Ingestion points: Data enters the context through merchant discovery documents (.well-known/ucp, .well-known/acp.json), catalog search results, and RSS product feeds (detailed in references/ucp-wire.md and references/acp-wire.md).
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat merchant-provided strings (such as product descriptions) as untrusted content.
      • Capability inventory: The agent has the ability to execute network requests via curl and sign financial transactions using the fdx CLI.
      • Sanitization: There is no evidence of sanitization or filtering of the product data retrieved from merchant feeds before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 07:36 AM