sumsub-create-transaction

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a local Python script (build_transaction.py) and a Bash script (post_transaction.sh) to construct, sign, and send API requests. These scripts use standard libraries (e.g., Python's json, sys, urllib.parse) and system tools (openssl, curl) for their functionality.
  • [EXTERNAL_DOWNLOADS]: Network operations are directed to the official Sumsub API (api.sumsub.com) for the purpose of transaction monitoring. This behavior is clearly documented and aligned with the skill's stated purpose. The use of vendor-specific endpoints for this service is considered standard functionality.
  • [PROMPT_INJECTION]: As the skill ingests user-provided transaction data (PII, financial details) to perform network operations, it possesses a surface for indirect prompt injection. However, the skill mitigates this risk through explicit enum validation and structural verification in the Python builder script. The instructions also enforce a sandbox-first credential policy, reducing the impact of potential data manipulation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 09:59 PM