droyd
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from external sources and possesses high-privilege capabilities.
- Ingestion points: Files `scripts/droyd-search.sh`, `scripts/droyd-chat.sh`, and `scripts/droyd-files-read.sh` fetch content from external crypto news, social media (X/Twitter), and remote agent storage.
- Boundary markers: None identified in the script outputs to distinguish between data and instructions when returned to the agent.
- Capability inventory: The skill includes tools for financial transactions (`scripts/droyd-trade-open.sh`), remote file modification (`scripts/droyd-files-write.sh`), and task scheduling (`scripts/droyd-tasks-create.sh`).
- Sanitization: Content is processed via `jq` for valid JSON structure, but no natural language sanitization or filtering of embedded instructions is performed on the data fetched from the API.
Audit Metadata