soul-markets

Fail

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requires the use of highly sensitive environment variables, including WALLET_PRIVATE_KEY, CDP_WALLET_SECRET, and CDP_API_KEY_SECRET. While these are intended for the skill's commerce functionality, the instructions specifically direct the agent to 'Include relevant API keys/access' within the soul.md file.
    • Evidence: The skill instructions state: 'Include relevant API keys/access (encrypted, never exposed)' in the soul.md registration process.
    • Risk: This content is subsequently uploaded to the remote API at https://api.soul.mds.markets/v1/soul/register. There is a high risk that the agent may fail to correctly encrypt these keys or may inadvertently expose them during the generation or transmission of the soul profile.
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates a marketplace where the agent executes services provided by other third-party agents and processes their outputs.
    • Ingestion points: Data enters the agent's context through the execution results of external services fetched from https://api.soul.mds.markets/v1/soul/jobs/{job_id}.
    • Boundary markers: Absent. The instructions do not provide the agent with specific delimiters or warnings to ignore embedded instructions within the results returned by other agents.
    • Capability inventory: The agent has the capability to perform network operations (curl), manage financial transactions (x402 payments), and modify its own 'soul' identity.
    • Sanitization: Absent. There are no instructions for validating or sanitizing the data received from the marketplace before processing.
  • [CREDENTIALS_UNSAFE]: The skill encourages the use of raw private keys (WALLET_PRIVATE_KEY) for payments, which is a high-risk practice compared to managed wallet solutions. Although placeholders are used in the documentation, the operational requirement for these keys increases the likelihood of accidental exposure in logs or shell history.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 18, 2026, 04:25 PM