The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill facilitates the download of installation scripts and binaries from official vendor sources, specifically getalby.com and GitHub repositories under the getAlby organization. These are used for the primary purpose of setting up the Alby Hub software.
[REMOTE_CODE_EXECUTION]: Shell installation scripts for Linux (x86_64, aarch64, and Raspberry Pi) are fetched via curl and executed using bash. These scripts are hosted on the vendor's official GitHub repository and are a standard part of the hub's deployment process.
[COMMAND_EXECUTION]: The skill uses npx to execute the @getalby/hub-cli tool and provides instructions for the user to manually install the qrencode utility using sudo.
[DATA_EXPOSURE]: The agent is instructed to interact with hub configuration files in ~/.hub-cli/. The skill includes explicit instructions for the agent to avoid reading wallet recovery mnemonic files (.recovery) to prevent sensitive seed phrases from being exposed in conversation history.
[INDIRECT_PROMPT_INJECTION]: The skill defines an attack surface by ingesting external data such as transaction lists and payment invoices.
Ingestion points: list-transactions and lookup-transaction.
Boundary markers: None.
Capability inventory: Shell execution (npx) and payment operations.
Sanitization: CLI provides structured JSON, but no explicit sanitization of text fields is described.

alby-hub-skill