The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill communicates with multiple API endpoints on https://www.signaagent.xyz to resolve identities, fetch messages from public inboxes, and retrieve results from a decentralized inference 'brain'. These network operations are central to the skill's stated purpose as an agent communication layer.
[COMMAND_EXECUTION]: The skill instructs the agent to perform cryptographic operations, specifically EIP-191 (personal_sign) to authenticate direct messages. It also provides detailed instructions for verifying signatures using tools like viem to ensure data provenance.
[PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it ingests untrusted data from public message inboxes and external capability providers. However, the skill includes a dedicated 'Security model' section that explicitly identifies this risk. It mandates that agents treat all remote responses as untrusted data (not instructions) and perform signature verification and allowlist checks before processing external content.
Ingestion points: GET /api/agents/<address>/inbox, POST /api/brain, and GET /api/capabilities/invoke (all in SKILL.md).
Boundary markers: The skill provides clear instructional boundaries in the 'Treat every remote response as untrusted data' section.
Capability inventory: The agent can sign messages and perform network requests to external APIs.
Sanitization: The instructions explicitly require signature verification using viem.verifyMessage and timestamp validation to prevent replay attacks.

signa