Skills
skills/dokobot/skills/doko/Gen Agent Trust Hub

doko

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The update command fetches a new skill definition from the vendor's domain (https://dokobot.ai/api/tools/skill). This is a standard self-update mechanism for the skill.
  • [COMMAND_EXECUTION]: The skill uses Bash to execute curl for API interactions and standard Unix utilities (head, grep, diff, cp, rm) to manage the update process. The instructions include a manual validation and diff step requiring explicit user confirmation before any files are overwritten.
  • [PROMPT_INJECTION]: The skill processes untrusted content from the web through the read and search tools. This creates an indirect prompt injection surface.
  • Ingestion points: Data enters the agent context via the text, chunks, and items fields returned by the read and search API endpoints defined in SKILL.md.
  • Boundary markers: The skill lacks explicit instructions or delimiters to isolate untrusted web content from the agent's core instructions.
  • Capability inventory: The skill has access to the Bash tool, allowing it to execute network requests and local file operations as described in SKILL.md.
  • Sanitization: There is no evidence of sanitization or filtering of the raw external content before it is presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:32 AM