The Agent Skills Directory

[DATA_EXFILTRATION]: The scripts/droyd-files-write.sh script provides a mechanism to upload local files to the DROYD API using multipart/form-data. This creates a surface for potential data exfiltration if the agent is manipulated into uploading sensitive local files such as credentials or configuration files.\n- [COMMAND_EXECUTION]: The skill utilizes several Bash scripts that execute curl and jq commands to interact with external API endpoints. These commands are triggered by the agent based on user instructions.\n- [PROMPT_INJECTION]: Search and chat functionalities (scripts/droyd-search.sh, scripts/droyd-chat.sh) ingest data from untrusted external sources like social media and news articles. This creates a risk of indirect prompt injection where malicious content from these sources could influence the agent's behavior. Mandatory Evidence Chain: 1. Ingestion points: scripts/droyd-search.sh, scripts/droyd-chat.sh; 2. Boundary markers: Absent; 3. Capability inventory: scripts/droyd-trade-open.sh, scripts/droyd-files-write.sh; 4. Sanitization: Not observed in local script logic.\n- [REMOTE_CODE_EXECUTION]: The skill facilitates the management of a remote execution environment ('agent sandbox') by allowing the agent to write and deploy scripts to the vendor's platform via scripts/droyd-files-write.sh. While this is a core intended feature, it constitutes a remote code execution capability.

droyd