owlp-cli

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill requires the agent to handle and process sensitive cryptographic secrets, specifically BIP39 mnemonics and private keys, which may lead to their exposure in the conversation history or to the AI service provider.
      • Evidence: The owlp wallet create command returns the seed mnemonic in plaintext JSON output (mnemonic field).
      • Evidence: The owlp wallet import command requires the user's secret mnemonic to be provided as a command-line argument (--mnemonic "<12 words>").
      • Evidence: The owlp wallet export-key command outputs the account's private key in plaintext JSON.
  • [COMMAND_EXECUTION]: The skill relies on the execution of shell commands to interact with the OwlPay CLI, including destructive operations and state management.
      • Evidence: Use of owlp reset --force and owlp reset --all --force to wipe local configuration and wallet data.
      • Evidence: Use of owlp wallet reset --force to delete local wallet files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data from the blockchain.
      • Ingestion points: owlp tx list and owlp tx detail fetch transaction history which includes user-controllable fields.
      • Boundary markers: The skill does not define clear boundaries or 'ignore' instructions when presenting transaction details to the agent.
      • Capability inventory: The agent has the capability to send funds (owlp send) and export keys, which could be targeted by an injection.
      • Sanitization: No sanitization or escaping of the memo or message fields is mentioned before they are processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 07:06 AM