The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The bootstrap-env.sh script fetches the caw CLI and TSS node binaries from download.agenticwallet.cobo.com and download.tss.cobo.com. These are official vendor domains and verified as safe resources.
[PROMPT_INJECTION]: The skill includes explicit defensive instructions to ignore and report prompt injection attempts from external data sources. Evidence for indirect injection surface: (1) Ingestion points: User messages and external content triggers such as webhooks and emails (references/security.md). (2) Boundary markers: Explicit 'Operating Safely' and 'Security Guide' sections with safety checklists. (3) Capability inventory: Can initiate on-chain transactions, contract calls, and execute local scripts. (4) Sanitization: Instructions to detect injection patterns and require direct user confirmation for all significant operations.
[COMMAND_EXECUTION]: The agent invokes the caw binary to manage wallet state and transactions. It also supports running Python and TypeScript scripts for complex DeFi workflows, with instructions to store them in a dedicated scripts directory.
[SAFE]: No malicious logic, obfuscation, or unauthorized credential exfiltration patterns were detected. All high-risk operations are protected by infrastructure-enforced pacts and require human-in-the-loop approval.

cobo-agentic-wallet-dev