The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The script scripts/hydra-node.sh uses exec "$@" to pass all command-line arguments directly to the hydra-node binary or a Docker container. While this is a standard wrapper pattern, it facilitates the execution of arbitrary flags or subcommands provided by the agent or user. Additionally, the SKILL.md uses a context command !hydra-node --version to probe the local environment.- [EXTERNAL_DOWNLOADS] (LOW): The skill's metadata and fallback script reference external software installations (via brew) and a Docker image from ghcr.io/cardano-scaling/hydra-node. These sources are not on the pre-defined trusted list, although they are the official distributions for the Hydra project. Per the [TRUST-SCOPE-RULE], the severity is maintained at LOW as these are essential to the primary skill purpose.- [CREDENTIALS_UNSAFE] (SAFE): The skill handles sensitive Cardano and Hydra signing keys (.sk files) and Blockfrost API keys. It correctly provides security guidance, such as using chmod 600 to restrict file access and warning the user to treat them as secrets. No hardcoded credentials or exfiltration patterns were detected.

hydra-head