docyrus-account-settings
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
docyrusCLI tool to perform account management tasks. It executes commands such asdocyrus account user-profile get,docyrus account user-profile update, anddocyrus account tenant-preferences updateto read and modify settings. These are vendor-owned resources used for the skill's primary purpose. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to how user data is handled. * Ingestion points: The skill accepts user input for update flags like
--firstname,--mobile, and JSON objects for the--dataflag inSKILL.md. * Boundary markers: There are no specific delimiters or instructions for the agent to treat this user input as untrusted when assembling commands. * Capability inventory: The skill has the capability to execute shell commands with user-provided parameters via thedocyrusCLI tool. * Sanitization: The instructions do not describe any input validation or sanitization of user-provided strings prior to their use in CLI commands.
Audit Metadata