docyrus-account-settings

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the docyrus CLI tool to perform account management tasks. It executes commands such as docyrus account user-profile get, docyrus account user-profile update, and docyrus account tenant-preferences update to read and modify settings. These are vendor-owned resources used for the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to how user data is handled. * Ingestion points: The skill accepts user input for update flags like --firstname, --mobile, and JSON objects for the --data flag in SKILL.md. * Boundary markers: There are no specific delimiters or instructions for the agent to treat this user input as untrusted when assembling commands. * Capability inventory: The skill has the capability to execute shell commands with user-provided parameters via the docyrus CLI tool. * Sanitization: The instructions do not describe any input validation or sanitization of user-provided strings prior to their use in CLI commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 09:56 PM
Security Audit — agent-trust-hub — docyrus-account-settings