nunchuk-wallet-management
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION
DATA_EXFILTRATION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill drives the `nunchuk` CLI for wallet management tasks: listing wallets, fetching wallet details, and signing dummy transactions for policy updates. These operations are central to the skill's purpose and depend on the vendor-provided command-line utility being installed on the host.
- [DATA_EXFILTRATION]: The skill includes commands that export sensitive cryptographic material, such as wallet descriptors and BSMS backup files, via `nunchuk wallet export`. Exporting is the skill's primary purpose, but the output describes the wallet's keys and spending policy, so the user and the agent must handle it with care (for example, not echoing it into logs or chat transcripts) to prevent exposure.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because untrusted user input is placed directly into shell command arguments.
  - Ingestion points: user-provided wallet IDs, custom names for recovered wallets, and file paths for backup recovery are used as arguments to the `nunchuk` commands within SKILL.md.
  - Boundary markers: absent; the instructions define no delimiters or warnings to distinguish user-supplied data from command parameters.
  - Capability inventory: the skill can run shell commands that read sensitive wallet data, perform destructive deletions, or sign transactions.
  - Sanitization: no validation or escaping is specified for the user-provided inputs used in the command templates, so a value containing shell metacharacters (a `;`, `$(...)` or backticks) would be interpreted by the shell rather than passed to `nunchuk` as a literal argument.
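The sanitization gap described above, shown as an added example that is not part of the audit report or of the nunchuk skill: a constructed wallet ID carrying a `;` separator is run first through the vulnerable string-interpolation pattern, then through an argv list with allow-list validation. `echo` stands in for the `nunchuk` binary so the example runs offline, and the accepted wallet-ID character set is an assumption, since the page does not document Nunchuk's ID format.

```python
"""
Shell injection through an interpolated wallet ID, beside the hardened form.
Added example: `echo` stands in for the `nunchuk` binary so it runs offline.
"""
import re
import subprocess

# Assumption: a wallet ID is a short token of letters, digits, '-' and '_'.
# The real Nunchuk ID format is not documented on this page; adjust the
# pattern to match it, but keep it an allow-list rather than a deny-list.
WALLET_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Constructed attacker input: a "wallet ID" carrying a shell command separator,
# e.g. pasted into a chat by a user or planted in a document the agent reads.
INJECTED_WALLET_ID = "abc; echo INJECTED"


def run_interpolated(wallet_id: str) -> str:
    """Vulnerable pattern: the untrusted value is pasted into a shell string.

    This mirrors a SKILL.md template like "nunchuk wallet export {wallet_id}"
    handed to a shell; anything after ';' becomes a second command.
    """
    cmd = f"echo {wallet_id}"  # stand-in for f"nunchuk wallet export {wallet_id}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv_unvalidated(wallet_id: str) -> str:
    """Hardened by argv alone: no shell, so the separator is passed literally."""
    argv = ["echo", wallet_id]  # stand-in for ["nunchuk", "wallet", "export", wallet_id]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def validate_wallet_id(wallet_id: str) -> str:
    """Allow-list check; rejects metacharacters before any process is spawned."""
    if not WALLET_ID_RE.fullmatch(wallet_id):
        raise ValueError(f"rejected wallet id: {wallet_id!r}")
    return wallet_id


def run_argv(wallet_id: str) -> str:
    """Hardened: validate first, then pass the ID as one argv element, no shell."""
    return run_argv_unvalidated(validate_wallet_id(wallet_id))


def injection_succeeded(output: str) -> bool:
    """The injected command ran iff INJECTED appears as its own output line."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("interpolated :", repr(run_interpolated(INJECTED_WALLET_ID)))
    print("argv only    :", repr(run_argv_unvalidated(INJECTED_WALLET_ID)))
    try:
        run_argv(INJECTED_WALLET_ID)
    except ValueError as exc:
        print("validated    :", exc)
```

Both layers matter: the argv list stops the shell from parsing the value, and the allow-list stops a value such as `--help` or a path-like string from being reinterpreted as an option or file by `nunchuk` itself. The same treatment applies to the recovered-wallet names and backup file paths the audit lists as ingestion points.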
Audit Metadata