zero-trust
Security-first behavioral guidelines for cautious agent operation, ensuring safe interactions with external resources and minimizing data exposure.
Overview: This skill defines a security protocol for agents to follow when they interact with external resources, install software, handle credentials, or take actions with external effects. Every external input and request is treated as untrusted until verified, and actions with external or irreversible effects are not taken without explicit human approval.
Key Features:
- Verification flow to pause, think, verify, ask, act, and log before executing external actions
- Installation rules to verify package sources, read code, and obtain explicit human approval
- Credential and API key handling guidelines for secure storage and transmission
- External actions classification to determine when to ask for approval or proceed freely
- URL/link safety checks that flag typosquatted look-alike domains and suspicious TLDs before a link is followed
How It Works: This skill triggers on any URL/link interaction, package installation, API key handling, sending of emails or messages, social media post, financial transaction, or any other action that could expose data or have irreversible effects. On each trigger it walks the agent through the verification flow (pause, think, verify, ask, act, log) before the action is taken.
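As an added illustration (not code from the zero-trust skill itself), the Python below gates an agent's external actions the way the flow above describes: it classifies an action, runs the URL safety checks (suspicious TLD, homoglyph and one-edit look-alikes of trusted domains, trusted names embedded in an untrusted host), requires a recorded human approval for anything with external effects, and writes an audit line with credential-looking values redacted. The trusted-domain list, TLD watchlist, homoglyph table, action kinds and secret patterns are all constructed for the example; the registrable-domain extraction is a naive last-two-labels split rather than a public-suffix lookup.

```python
"""Gate an agent's external actions: classify, check URLs, ask or act, and log with secrets redacted."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed reference data for this example; a deployed skill would load these from its config.
KNOWN_DOMAINS = ("github.com", "pypi.org", "npmjs.com", "microsoft.com")
SUSPICIOUS_TLDS = {"zip", "mov", "top", "xyz", "tk"}   # assumed watchlist, not an authoritative list
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"))
# Action kinds with external or irreversible effects: never performed without explicit human approval.
ASK_KINDS = {"install_package", "send_message", "post_social", "financial"}

# "<something>TOKEN=value", "password: value", "Authorization: Bearer ..." -> value redacted
SECRET_ASSIGNMENT = re.compile(
    r"(?i)([\w-]*(?:api[_-]?key|token|secret|password|authorization)[\w-]*\s*[:=]\s*)\S.*$", re.M)
# Well-known key prefixes (assumed shapes for the example)
SECRET_PREFIX = re.compile(r"\b(?:ghp_|sk-|AKIA|xox[abp]-)[A-Za-z0-9_-]{8,}")

AUDIT_LOG: list[str] = []


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions (gihtub vs github = 1)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def fold_homoglyphs(s: str) -> str:
    """Map look-alike sequences to the letter they imitate, so rnicrosoft and microsoft compare equal."""
    for look_alike, real in HOMOGLYPHS:
        s = s.replace(look_alike, real)
    return s


def check_url(url: str) -> list[str]:
    """Return the reasons a URL looks unsafe; an empty list means no finding."""
    reasons: list[str] = []
    p = urlparse(url)
    host = (p.hostname or "").lower().rstrip(".")
    if p.scheme not in ("http", "https"):
        reasons.append(f"scheme {p.scheme!r} is not http(s)")
    elif p.scheme == "http":
        reasons.append("plain http, no transport protection")
    if not host:
        reasons.append("no host in URL")
        return reasons
    tld = host.rsplit(".", 1)[-1]
    if tld in SUSPICIOUS_TLDS:
        reasons.append(f"suspicious TLD .{tld}")
    domain = ".".join(host.split(".")[-2:])        # naive registrable domain; no public-suffix list
    if domain not in KNOWN_DOMAINS:
        for known in KNOWN_DOMAINS:                # one edit/transposition or a homoglyph swap away
            if fold_homoglyphs(domain) == fold_homoglyphs(known) or osa_distance(domain, known) <= 1:
                reasons.append(f"{domain} resembles known domain {known}")
                break
    for known in KNOWN_DOMAINS:                    # github.com.login.evil.xyz is not github.com
        if host != known and not host.endswith("." + known) and known in host:
            reasons.append(f"host embeds trusted name {known} but is not under it")
            break
    return reasons


@dataclass
class Action:
    kind: str                        # "fetch_url" or one of ASK_KINDS
    target: str                      # URL, package spec, recipient, amount ...
    approved_by_human: bool = False  # set only after the human has seen this exact action


@dataclass
class Decision:
    verdict: str                     # "act", "ask" or "block"
    reasons: list[str] = field(default_factory=list)


def redact(text: str) -> str:
    """Scrub credential-looking values so they never reach the log or an outbound message."""
    text = SECRET_ASSIGNMENT.sub(r"\g<1>[REDACTED]", text)
    return SECRET_PREFIX.sub("[REDACTED]", text)


def decide(action: Action) -> Decision:
    """Verify, ask, act, log: read-only fetches of clean URLs proceed; anything with external
    effect needs a recorded human approval; unknown action kinds are blocked outright."""
    if action.kind == "fetch_url":
        findings = check_url(action.target)
        decision = Decision("act") if not findings else Decision("ask", findings)
    elif action.kind in ASK_KINDS:
        if action.approved_by_human:
            decision = Decision("act", ["explicit human approval recorded"])
        else:
            decision = Decision("ask", [f"{action.kind} has external or irreversible effects"])
    else:
        decision = Decision("block", [f"unknown action kind {action.kind!r}"])
    AUDIT_LOG.append(redact(f"{decision.verdict} {action.kind} {action.target} {'; '.join(decision.reasons)}"))
    return decision
```

The look-alike test deliberately uses optimal string alignment distance with a threshold of one rather than plain Levenshtein with a threshold of two: the former still catches a single transposition such as gihtub.com, while the latter would also flag gitlab.com as an impostor of github.com. Any finding, including a plain-http scheme, downgrades a fetch from "act" to "ask", and the audit line is redacted before it is stored so a secret that appears in a package spec or recipient string never lands in the log.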
Use Cases:
- Preventing data breaches by verifying the trustworthiness of external inputs and requests
- Ensuring secure package installations and dependencies
- Safely handling credentials and API keys
- Classifying external actions to determine when to ask for approval or proceed freely