nunchuk-platform-key
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where untrusted user input is interpolated into shell commands. This could potentially be exploited if an attacker provides malicious strings as IDs or policy data.
  - Ingestion points: User-controlled identifiers such as `<sandbox-id>`, `<wallet-id>`, and `<signer>`, as well as the JSON policy blob, which are processed in the instructions and shell commands within `SKILL.md`.
  - Boundary markers: Absent; the skill does not define specific delimiters or instructions to prevent the agent from interpreting instructions embedded within these data fields.
  - Capability inventory: The skill uses the `nunchuk` CLI tool to execute various system commands, including enabling platform keys and updating wallet policies.
  - Sanitization: Absent; there are no explicit instructions for the agent to validate, escape, or sanitize the user-provided inputs before they are used in commands.
- [COMMAND_EXECUTION]: The skill relies on the `nunchuk` CLI tool to perform its primary functions. These commands are vendor-specific (nunchuk-io) and appear to be part of the intended functionality for managing multisig wallet policies.
Audit Metadata