The Agent Skills Directory

[SAFE]: The skill uses BANKR_API_KEY via environment variable interpolation (${BANKR_API_KEY}), which is the recommended practice for managing sensitive credentials.
[EXTERNAL_DOWNLOADS]: The skill communicates with api.bankr.bot for balance checks and token transfers. As the author is 'BankrBot', these are legitimate, vendor-owned API endpoints.
[PROMPT_INJECTION]: The skill processes recipient handles and addresses from user-defined lists. This represents an indirect prompt injection surface; however, the risk is minimized by the skill's specific resolve-then-execute logic and its use of the Agent API for identity resolution only.
Ingestion points: lists configuration in SKILL.md.
Boundary markers: Absent.
Capability inventory: Performs token transfers via curl network calls to api.bankr.bot.
Sanitization: Implements handle resolution and pre-transfer balance validation.

aeon-distribute-tokens