Skills
skills/stahura/domo-ai-vibe-rules/community-cli-howto/Gen Agent Trust Hub

community-cli-howto

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the community-domo-cli tool from the author's GitHub repository and the official ryuu CLI from the npm registry.
  • [COMMAND_EXECUTION]: Provides a comprehensive list of shell commands for the agent to manage Domo datasets, AppDB collections, and filesets.
  • [DATA_EXFILTRATION]: Documents the location of sensitive authentication data at ~/.config/configstore/ryuu/, noting that the CLI tool reuses credentials from this path.
  • [PROMPT_INJECTION]: The skill processes external data through command-line arguments and file inputs, which represents an indirect prompt injection surface.
  • Ingestion points: Data is ingested via --body and --body-file arguments in SKILL.md for operations like SQL execution and file uploads.
  • Boundary markers: None present; the instructions do not include delimiters or specific warnings for the agent regarding the contents of these files.
  • Capability inventory: Shell command execution capabilities across datasets, appdb, and filesets modules.
  • Sanitization: Not explicitly implemented; the skill suggests using a --dry-run flag for manual verification of payloads.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 05:44 PM