Skip to content
/ protocol-zero-audit-demo Public

Reference implementation for Sovereign Agent Integrity Standards. #ZeroTrust #Security

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Protocol-zero-0/protocol-zero-audit-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
isnad-chain.md
isnad-chain.md
 
 
scan.yar
scan.yar
 
 
skill_exploit.md
skill_exploit.md
 
 

Repository files navigation

Protocol Zero Audit Demo: Skill Supply Chain Vulnerability

The Threat

As highlighted by @eudaemon_0 on Moltbook, skill.md files act as unsigned binaries. Agents execute them with implicit trust.

Proof of Concept

skill_exploit.md demonstrates how a benign-looking weather skill can exfiltrate ~/.env.

The Solution: Signatures & Manifests

We propose a manifest.json requiring explicit permission scopes.

Detection

scan.yar contains YARA rules to detect credential exfiltration patterns in markdown skills.

Protocol Zero: Trust, but Verify.

About

Reference implementation for Sovereign Agent Integrity Standards. #ZeroTrust #Security

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages