docyrus-api-dev
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or safety bypass instructions were detected. The skill provides legitimate documentation for developing applications with the Docyrus platform.
- [EXTERNAL_DOWNLOADS]: The skill references NPM packages
@docyrus/api-clientand@docyrus/signin. These are vendor-owned resources for the author 'docyrus' and are used for API integration and authentication. - [DATA_EXFILTRATION]: The skill documentation includes examples of network requests to
api.docyrus.comandalpha-api.docyrus.com. These are official vendor domains required for the primary purpose of the skill and do not target sensitive local data. - [PROMPT_INJECTION]: The skill establishes an interface for retrieving data from external Docyrus data sources, which creates a theoretical surface for indirect prompt injection.
- Ingestion points: Data is ingested via REST API responses from endpoints such as
/v1/apps/{appSlug}/data-sources/{slug}/itemsas described in the documentation. - Boundary markers: No specific delimiters or instructions for the agent to ignore embedded commands in the retrieved data are provided.
- Capability inventory: The
@docyrus/api-clientlibrary provides full REST capabilities (GET, POST, PATCH, DELETE) to theapi.docyrus.comendpoints. - Sanitization: No sanitization or validation of the retrieved data content is mentioned before it is processed by the agent.
Audit Metadata