duoduo-runtime-admin

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system and application commands for daemon administration.
      • Uses duoduo daemon commands (status, config, logs, restart) to manage the background process.
      • Executes npm view to check for package updates and git for repository operations.
      • Runs a local Python script scripts/update_host_env.py to manage configuration variables in ~/.config/duoduo/.env.
  • [EXTERNAL_DOWNLOADS]: Fetches content from external vendor-controlled sources.
      • Downloads updated prompt files and repository data from the official vendor repository at https://github.com/openduo/duoduo.git.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present due to the ingestion of external data.
      • Ingestion points: The skill fetches markdown partition prompts from a remote Git repository in references/subconscious-refresh.md.
      • Boundary markers: The instructions recommend showing a diff to the user before applying changes, but there are no automated boundary markers for the ingested content.
      • Capability inventory: The skill can perform file system writes (via cp and mkdir), execute shell commands (duoduo), and modify environment configurations.
      • Sanitization: No programmatic sanitization or content validation is performed on the prompts fetched from the remote repository.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 05:52 AM