droid-bin-mod

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). These scripts intentionally patch the local droid binary to bypass UI/behavioral restrictions, disable automatic updates and code-signing protections, and force/insist on custom models—actions that constitute deliberate client-side tampering and persistence (supply‑chain/backdoor-like) and enable routing of data to attacker-controlled models even though no explicit network exfiltration code is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The mission-planning / worker-base instructions explicitly tell agents to perform online lookups ("do a quick online lookup (WebSearch/FetchUrl)") as part of the required planning/setup workflow, which means the agent may fetch and read arbitrary public web content that could influence decisions or subsequent tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs modifying a local system binary (~/.local/bin/droid), removing/altering code signatures, disabling auto-updates, and even suggests using sudo chattr to lock the file—actions that change system state, bypass update/security mechanisms, and persist unauthorized patches.