Skills
skills/stahura/domo-ai-vibe-rules/advanced-app-studio/Gen Agent Trust Hub

advanced-app-studio

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the community-domo-cli tool and python3 to automate complex operations such as app structure retrieval, layout updates, and card creation.
  • [COMMAND_EXECUTION]: In-line Python script generation is employed to manipulate JSON data structures for dashboard layouts and card definitions, executed via heredocs and CLI pipes.
  • [PROMPT_INJECTION]: The skill ingests untrusted configuration and schema data from the Domo API, creating a surface for indirect prompt injection where malicious input in an instance could influence agent behavior.
  • Ingestion points: Data retrieved from community-domo-cli app-studio get, layout-get, cards definition, and datasets schema.
  • Boundary markers: Absent; the skill does not use delimiters or warnings to isolate ingested data from instructions.
  • Capability inventory: Significant modify-access capabilities including app-studio update, layout-set, cards create, and create-view.
  • Sanitization: None; data is processed using standard JSON parsing without validation of content fields.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 05:44 PM