cobo-agentic-wallet-sandbox

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The bootstrap-env.sh script downloads binary components (caw CLI and cobo-tss-node) from vendor-owned subdomains at cobo.com. The process includes integrity checks using SHA256 checksums to verify the authenticity of the binaries.
  • [COMMAND_EXECUTION]: The skill utilizes the caw CLI for interacting with the wallet and manages automation scripts in the ./scripts/ directory for complex DeFi interactions.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates self-updates by executing npx skills update when prompted by the backend system, which involves fetching and running remote code to maintain the skill's functionality.
  • [PROMPT_INJECTION]: The skill handles data from external recipes and remote documentation, which creates a potential surface for indirect prompt injection. This risk is addressed through explicit instructions for the agent to ignore instructions embedded in external content and by requiring mandatory human owner approval for all high-impact on-chain actions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 06:23 AM