agent-agentic-payments

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Tags: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill defines a tool 'mcp__agentic-payments__sign_mandate' that requires a 'private_key_hex' parameter. This design forces the agent to handle raw cryptographic secrets in its active memory and tool-calling interface, which could be exfiltrated if the agent is manipulated via prompt injection.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to instructions embedded in the data it processes.
    1. Ingestion points: Untrusted data enters the agent context through the 'description' and 'metadata' fields in 'mcp__agentic-payments__authorize_payment' and merchant rules in 'mcp__agentic-payments__create_active_mandate'.
    2. Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within transaction metadata.
    3. Capability inventory: The agent has high-privilege capabilities including signing mandates, authorizing payments, and requesting multi-agent consensus.
    4. Sanitization: Absent. No input validation or filtering is defined for the external strings processed by the payment tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 04:32 PM