The Agent Skills Directory

[PROMPT_INJECTION]: Identifies an indirect prompt injection surface where malicious instructions could be embedded in metadata retrieved from the OpenSea API. 1. Ingestion points: NFT metadata and collection descriptions fetched via scripts such as opensea-nft.sh and opensea-collection.sh. 2. Boundary markers: The scripts do not implement delimiters or 'ignore instructions' warnings when presenting retrieved data to the agent. 3. Capability inventory: The skill has the capability to fulfill marketplace orders and execute token swaps via opensea-swap.sh. 4. Sanitization: No sanitization or validation of the retrieved text is performed before it is added to the agent context.
[EXTERNAL_DOWNLOADS]: Recommends the installation of the @opensea/cli package from the official NPM registry, which is a verified resource provided by the vendor.
[COMMAND_EXECUTION]: Uses curl for REST API interactions and node with the viem library to facilitate on-chain transaction execution, which is standard for blockchain-integrated tools.
[DATA_EXFILTRATION]: Performs network operations targeting official vendor domains including api.opensea.io and stream.openseabeta.com. The opensea-stream-collection.sh script passes the API key as a URL parameter for WebSocket authentication, which is the documented protocol for the OpenSea Stream API.

opensea