skills/ton-org/skills/ton-nfts/Gen Agent Trust Hub

ton-nfts

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted metadata from the TON blockchain, creating a surface for indirect prompt injection.
      1. Ingestion points: Data is retrieved via get_nfts and get_nft tools in SKILL.md.
      2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used for external data.
      3. Capability inventory: The skill can execute asset transfers via the send_nft tool.
      4. Sanitization: No metadata sanitization is described.
    This risk is effectively mitigated by the mandatory user confirmation workflow for all transfers.
  • [SAFE]: The skill follows vendor best practices by using transaction emulation to preview outcomes and requiring manual user approval for all blockchain actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 02:39 PM