duoduo-channel-admin
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the duoduo CLI and associated utility scripts to perform tasks such as installing plugins, managing channel status, and resetting sessions.
- [DYNAMIC_EXECUTION]: The reset-feishu-session.sh script uses eval to run commands with arguments derived from the contents of local JSON state files. This pattern poses a risk if these files contain malicious data.
- [INDIRECT_PROMPT_INJECTION]: The skill manages channel descriptors and prompts, creating a surface for indirect prompt injection where instructions in these files could override agent behavior.
  - Ingestion points: descriptor.md and kind-level config files.
  - Boundary markers: None provided to distinguish system instructions from user prompts.
  - Capability inventory: CLI-based channel management and script-driven file editing.
  - Sanitization: No content validation is mentioned for configuration files.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of plugins from the @openduo NPM organization.
Audit Metadata