monitoring-whale-activity

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches real-time cryptocurrency transaction data and price information from well-known services including Whale Alert, Etherscan, and CoinGecko. These references are neutral and consistent with the skill's primary purpose.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (whale_monitor.py) to analyze blockchain data and format results. The execution is bounded by specific tool definitions in the skill metadata.
  • [DATA_EXFILTRATION]: The skill maintains local state, such as a wallet watchlist and transaction cache, in the user's home directory (e.g., ~/.whale_watchlist.json). No sensitive information or user credentials are sent to external or untrusted servers.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external blockchain APIs, which could theoretically contain malicious instructions.
      • Ingestion points: Data enters through scripts/whale_api.py from API responses.
      • Boundary markers: No specific boundary instructions or delimiters are used in the prompts when presenting this data.
      • Capability inventory: The skill utilizes Bash, Read, Write, Edit, Grep, and Glob tools.
      • Sanitization: The skill applies formatting, address truncation, and label lookup in scripts/formatters.py and scripts/wallet_labels.py before presenting data to the agent, which significantly reduces the impact of potential indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 08:48 PM