docyrus-app-ai-tools

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill guides the use of the docyrus CLI for managing application resources and defining dynamic execution logic.
  • The skill instructs the agent to use CLI commands such as docyrus apps ai-tools create and docyrus apps set-agent-context to manage app configuration.
  • The skill facilitates the creation of tools that execute dynamic code: custom_query for hand-written SQL and secure_exec for sandboxed JavaScript logic, as detailed in the reference files (references/custom-query-tool.md and references/secure-exec-tool.md).
  • [PROMPT_INJECTION]: The skill architecture creates a surface for indirect prompt injection as it processes and interpolates data from various sources.
  • Ingestion points: Data enters the system via the input_json_schema defined for each tool in SKILL.md, which governs how the agent provides arguments to the tools.
  • Boundary markers: The instructions recommend using JSON schemas for input validation but do not specify mandatory output delimiters or sanitization for content retrieved from data sources or code execution before it is re-ingested by the agent.
  • Capability inventory: The skill provides capabilities for database reading (SQL and data source queries) and script execution (JavaScript) with access to the platform's data API via api.ds in references/secure-exec-tool.md.
  • Sanitization: Guidance is provided for SQL parameter sanitization (doubling single quotes and the {{q}} helper) in references/custom-query-tool.md, though broader sanitization of tool outputs to prevent instruction injection is not explicitly detailed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 10:29 PM
Security Audit — agent-trust-hub — docyrus-app-ai-tools