The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses npx to execute the @getalby/cli tool for wallet management tasks such as sending payments and checking balances.\n- [EXTERNAL_DOWNLOADS]: The @getalby/cli package is downloaded from the npm registry via npx during skill execution.\n- [DATA_EXFILTRATION]: Accesses the sensitive file path ~/.alby-cli/connection-secret.key to retrieve wallet connection secrets. This is the documented default location for the Alby CLI tool's configuration.\n- [COMMAND_EXECUTION]: A POST request is made via curl to https://faucet.nwc.dev to create test wallets for the user.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the Lightning network (SKILL.md: list-transactions, lookup-invoice) and possesses sensitive capabilities such as making payments (SKILL.md: pay-invoice, pay-keysend). No explicit boundary markers or sanitization steps are defined to prevent the agent from interpreting invoice descriptions as instructions.

alby-bitcoin-payments-cli-skill