appdb-collection-create
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill documents standard administrative procedures for initializing AppDB storage using legitimate CLI tools and API endpoints.
- [COMMAND_EXECUTION]: The skill utilizes the community-domo-cli tool to create datastores and collections. This command execution is consistent with the skill's stated purpose of storage initialization and targets the Domo platform.
- [DATA_EXFILTRATION]: No unauthorized data transmission or credential exposure was detected. The skill correctly uses parameters like --instance and --body-file for standard operational workflows.
- [PROMPT_INJECTION]: The skill defines an input contract for collection names and schemas. While this data is interpolated into commands, no malicious patterns or bypass attempts were found. Regarding indirect prompt injection: 1. Ingestion points: The skill reads configuration from user-specified collection.json files; 2. Boundary markers: Absent in the example contract; 3. Capability inventory: Commands are executed via community-domo-cli (SKILL.md); 4. Sanitization: Not explicitly defined in the instructions, though standard for CLI-first workflows.
Audit Metadata