Factory AI Droid

The skill wraps a powerful `droid` CLI tool, which is described as having 'deep codebase understanding across your org' and capabilities for deployment, code modification, security reviews, and managing plugins and 'MCP servers'. While the `SKILL.md` instructions themselves are not explicitly malicious, the broad and high-privilege capabilities of the `droid` tool it exposes, combined with the fact that the binary is externally managed and pre-installed (as indicated in SKILL.md), present a significant risk. This setup could be leveraged for malicious activities if the `droid` binary itself were compromised or if the AI agent were later prompted to misuse its extensive capabilities.