ding
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to create or modify a configuration file at
~/.pua/config.jsonwhen triggered by the 'set-default' command. This behavior establishes persistence for skill settings on the host filesystem by directly manipulating configuration files. - [DATA_EXFILTRATION]: The skill requires the agent to read the contents of
~/.pua/config.jsonfrom the user's home directory. Accessing files in the home directory is a sensitive operation that should be monitored, as it could potentially lead to unintended data exposure if the configuration file contains sensitive metadata. - [PROMPT_INJECTION]: The skill utilizes an indirect prompt injection surface by automatically loading and processing multiple external reference files (methodology-ding.md, ding-reminders.md, and display-protocol.md) into the agent's context. 1. Ingestion points: Multiple reference markdown files loaded via instructions in SKILL.md. 2. Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are present in the reference files. 3. Capability inventory: File read/write access to the user's home directory (~/.pua/config.json). 4. Sanitization: No evidence of sanitization or validation of the content loaded from the reference files before it is processed by the agent.
Audit Metadata