doubleword

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an installation script from the official vendor's GitHub repository at https://raw.githubusercontent.com/doublewordai/dw/main/install.sh and mentions the autobatcher library on GitHub.
  • [REMOTE_CODE_EXECUTION]: The recommended method for installing the dw CLI involves fetching a remote shell script and piping it to the shell (curl ... | sh). This is the author's official installation method for the supported tooling.
  • [COMMAND_EXECUTION]: The skill instructions involve the execution of shell commands using dw, pip, and npx for installation and interacting with the inference services.
  • [PROMPT_INJECTION]: Identified a potential surface for indirect prompt injection. (1) Ingestion points: User-provided .jsonl files and text piped into the dw CLI as documented in SKILL.md. (2) Boundary markers: Not specified in the skill body for processed data. (3) Capability inventory: The skill can execute CLI commands (dw) and perform network requests to api.doubleword.ai. (4) Sanitization: Not documented in the skill; however, the documentation provides explicit warnings to users about avoiding the inclusion of PII or secrets in batch requests.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 02:20 PM
Security Audit — agent-trust-hub — doubleword