The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute scripts/revx_sign.py for all Revolut X API interactions.
[EXTERNAL_DOWNLOADS]: The Python helper script makes network requests to the official Revolut X domain (https://revx.revolut.com), which is a well-known service associated with the vendor revolut-engineering.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting and processing data from the external Revolut X API. Evidence chain: 1. Ingestion points: JSON balance objects from the /api/1.0/balances endpoint are parsed and displayed by the agent. 2. Boundary markers: No explicit delimiters or ignore-embedded-instructions warnings are used in the prompt templates. 3. Capability inventory: The skill can execute shell commands via Bash and read local files (private keys) via the Python script. 4. Sanitization: The helper script outputs raw JSON from the API which the agent is instructed to process directly without validation or filtering.

revolut-x-balance