docyrus-app-ai-tools
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the use of the
docyrusCLI for managing application resources and defining dynamic execution logic. - The skill instructs the agent to use CLI commands such as
docyrus apps ai-tools createanddocyrus apps set-agent-contextto manage app configuration. - The skill facilitates the creation of tools that execute dynamic code:
custom_queryfor hand-written SQL andsecure_execfor sandboxed JavaScript logic, as detailed in the reference files (references/custom-query-tool.mdandreferences/secure-exec-tool.md). - [PROMPT_INJECTION]: The skill architecture creates a surface for indirect prompt injection as it processes and interpolates data from various sources.
- Ingestion points: Data enters the system via the
input_json_schemadefined for each tool inSKILL.md, which governs how the agent provides arguments to the tools. - Boundary markers: The instructions recommend using JSON schemas for input validation but do not specify mandatory output delimiters or sanitization for content retrieved from data sources or code execution before it is re-ingested by the agent.
- Capability inventory: The skill provides capabilities for database reading (SQL and data source queries) and script execution (JavaScript) with access to the platform's data API via
api.dsinreferences/secure-exec-tool.md. - Sanitization: Guidance is provided for SQL parameter sanitization (doubling single quotes and the
{{q}}helper) inreferences/custom-query-tool.md, though broader sanitization of tool outputs to prevent instruction injection is not explicitly detailed.
Audit Metadata