The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data from Shopify (specifically customer metafields like 'handle') is interpolated directly into prompts for the Bankr agent without sanitization or boundary markers.
Ingestion points: Shopify customer metafields ('custom.handle') read in the 'Bridge 1' and 'Bridge 3' sections of SKILL.md.
Boundary markers: Absent; the customer-controlled handle is placed directly into the prompt field of a JSON request.
Capability inventory: The skill uses curl to submit these prompts to the Bankr API, which can execute financial transfers (e.g., 'send 10 USDC').
Sanitization: None detected; the value is used immediately after extraction via jq.

bankr-shopify