Skills
skills/duyet/skills/duyetbot-knowledge/Gen Agent Trust Hub

duyetbot-knowledge

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill identifies several external data sources for profile and technical information, including duyet.net, blog.duyet.net, and github.com. These are used to maintain a local knowledge base.
  • [COMMAND_EXECUTION]: The skill includes instructions to execute a local maintenance script (./scripts/fetch-duyet-data.sh) and standard git commands (git add, git commit) to persist knowledge updates.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by ingesting external data from llms.txt files and RSS feeds.
  • Ingestion points: External URLs listed in the Knowledge Sources table (e.g., https://duyet.net/llms.txt, https://blog.duyet.net/feed).
  • Boundary markers: None explicitly defined for the ingested text.
  • Capability inventory: Execution of a local shell script and git operations.
  • Sanitization: No specific sanitization or validation steps are described for the fetched content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 06:28 PM