The Agent Skills Directory

[DATA_EXFILTRATION]: Multiple code examples in the reference files (including confidential-transfer.md, metadata-and-metadata-pointer.md, pausable-mint.md, and transfer-fees.md) access the default Solana CLI wallet file located at ~/.config/solana/id.json. The secret key is read into memory to authorize and sign blockchain transactions locally.
[DATA_EXFILTRATION]: The skill documentation and the sign-with-privy.md file facilitate the transmission of Privy application secrets and authorization keys to Privy's external signing API. This is a documented requirement for the Privy embedded wallet integration.
[EXTERNAL_DOWNLOADS]: The skill instructs users to install several Node.js packages from the official NPM registry and references example code and documentation hosted on Light Protocol's GitHub organization and the zkcompression.com domain.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the blockchain.
Ingestion points: references/transaction-history.md and references/show-balance.md (via getSignaturesForOwnerInterface and getAtaInterface).
Boundary markers: Absent.
Capability inventory: The skill has capabilities for file system access (fs.readFileSync) and network transaction submission across all reference scripts.
Sanitization: Absent.

payments