docyrus-cli-app
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is built around the execution of the docyrus CLI tool for all platform interactions, including authentication flow, environment switching, and data operations.
- [DATA_EXFILTRATION]: The skill provides the ability to read local JSON and CSV files using the --from-file flag. Additionally, the docyrus curl command allows for arbitrary API requests within the Docyrus platform namespace.
- [EXTERNAL_DOWNLOADS]: The docyrus discover api command downloads the OpenAPI specification for the active tenant and stores it locally at ~/docyrus/tenans/tenantId/openapi.json.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists as the agent processes potentially untrusted data from the platform or local files.
  - Ingestion points: Data records retrieved via ds list, OpenAPI specifications from discover api, and local file contents from --from-file.
  - Boundary markers: No explicit markers or delimiters are defined to segregate platform data from agent instructions.
  - Capability inventory: Subprocess execution of the docyrus CLI with capabilities for record creation, modification, deletion, and API communication.
  - Sanitization: The skill does not specify procedures for validating or sanitizing the content of ingested records or API definitions.
Audit Metadata