alby-bitcoin-payments

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
[CREDENTIALS_UNSAFE] [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages Nostr Wallet Connect (NWC) connection secrets, which grant access to Bitcoin Lightning funds. It accesses and stores these secrets in plaintext files within the ~/.alby-cli/ directory.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands through npx to interact with the @getalby/cli tool for wallet management.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and run the @getalby/cli package from the NPM registry at runtime.
  • [DATA_EXFILTRATION]: The fetch command allows the agent to send HTTP requests to arbitrary external URLs. This capability could be used to exfiltrate sensitive data (such as the NWC connection secret) if the agent is misdirected.
  • [PROMPT_INJECTION]: The skill contains meta-instructions requesting that the agent "DO NOT SUMMARIZE" the content, attempting to override the agent's default processing behavior.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes data from untrusted external sources (responses from the discover and fetch commands) without sanitization or clear boundary markers.
      • Ingestion points: Data returned from 402index.io via the discover command and content fetched from arbitrary URLs via the fetch command.
      • Boundary markers: Absent. No delimiters or instructions are provided to the agent to ignore embedded commands in external data.
      • Capability inventory: Shell command execution (npx), file system access (~/.alby-cli/), and network operations (fetch, discover).
      • Sanitization: Absent. No validation or escaping of external content is specified before it enters the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 02:56 PM