algorand-x402-typescript

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill implements a "Bazaar" discovery protocol that extracts metadata from untrusted external payment payloads. That metadata could carry malicious instructions if the agent interprets it as commands.
      • Ingestion points: The extractDiscoveryInfo function in references/create-typescript-x402-facilitator-examples.md processes data from paymentPayload and paymentRequirements provided by external clients.
      • Boundary markers: No explicit boundary markers or instruction isolation is described for the extracted metadata.
      • Capability inventory: The skill can sign and submit transactions to the Algorand network through its signer interfaces.
      • Sanitization: The skill uses schema validation via validateDiscoveryExtension, but it does not explicitly sanitize natural language content for potential prompt injection vectors.
  • [DYNAMIC_EXECUTION]: The server-side middleware allows dynamic pricing logic through callback functions that evaluate request context at runtime.
      • Evidence: Examples in references/create-typescript-x402-server-examples.md demonstrate the use of a function assigned to the price field to determine costs based on query parameters or request bodies.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill correctly instructs users to manage sensitive private keys through environment variables (AVM_PRIVATE_KEY) rather than hardcoding them, following standard security best practices for secret management.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 09:30 AM