lobstercash

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @crossmint/lobster-cli package from the official npm registry. It also references official documentation and update sources on the lobster.cash domain.
  • [COMMAND_EXECUTION]: The skill relies on executing a variety of CLI commands through the lobstercash binary to perform wallet operations, check balances, and manage virtual cards.
  • [DATA_EXFILTRATION]: The skill possesses the capability to retrieve sensitive payment information, such as full virtual credit card numbers and CVVs, via the cards reveal command. However, this is a core feature for automated checkout, and the instructions include explicit warnings for the agent to handle these credentials as highly sensitive and avoid logging them.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection in the crypto x402 fetch and crypto tx create commands, as they process data (URLs and serialized transactions) from external sources. These operations are mitigated by instructions requiring explicit user consent and the presence of human-in-the-loop approval URLs in the underlying service design.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 03:19 PM