daytona-companion

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The manager script executes local system commands (git and tar) to handle project synchronization and artifact bundling. These calls use specific, hardcoded arguments or sanitized project paths.
  • [REMOTE_CODE_EXECUTION]: The primary function of the skill is to execute commands on remote Daytona sandboxes. The implementation uses shell quoting for all arguments and enforces working directory constraints to prevent command injection or unauthorized file system access on the remote host.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates data movement between the local environment and remote sandboxes. It includes logic to automatically install git in the remote environment if necessary. Safety checks are performed on downloaded archives (tarballs) to prevent path traversal attacks during extraction.
  • [PROMPT_INJECTION]: The skill reads and displays output (stdout/stderr) from remote commands in scripts/daytona-manager.mjs. While this introduces an indirect prompt injection surface where a malicious remote process could output instructions for the agent, the risk is minimal as the tool follows best practices for a developer utility. Ingestion points: remote stdout/stderr files; Boundary markers: absent; Capability inventory: local spawnSync and remote SDK-based file/command operations; Sanitization: path and shell argument validation is present, while content-level sanitization is absent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 03:05 AM