doko
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata and documentation include role-play instructions directing the agent to treat devices as living creatures, which serves as a behavioral override directive.
- [REMOTE_CODE_EXECUTION]: The update command downloads a new SKILL.md file from a remote server and overwrites the local definition, allowing the vendor to update the agent's instructions at runtime.
- [EXTERNAL_DOWNLOADS]: The skill fetches updated instruction sets from the vendor's API, which was flagged as an untrusted source by automated scanning.
- [DATA_EXFILTRATION]: The skill transmits the user's API key, search queries, and target URLs to the dokobot.ai domain during normal operation.
- [COMMAND_EXECUTION]: The skill uses Bash to execute curl commands with arguments derived from user-provided search terms and URLs.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from processed web data.
  - Ingestion points: External web page content retrieved via the read command.
  - Boundary markers: None present; the skill requests raw content return.
  - Capability inventory: Bash tool access and filesystem modification via the update tool.
  - Sanitization: No evidence of sanitization or filtering for retrieved content.
Recommendations
- HIGH: Downloads and executes remote code from: https://dokobot.ai/api/tools/skill - DO NOT USE without thorough review
Audit Metadata