dida365-cli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the
dida365-ai-toolspackage via npm (npm install -g dida365-ai-tools) or execution vianpx. The source code is hosted on an untrusted GitHub repository (https://github.com/oymy/dida365-ai-tools) that is not part of the approved trusted organizations list. This represents a risk of running unverified code. - [COMMAND_EXECUTION] (LOW): The skill is designed to interact with the system via CLI commands (e.g.,
dida365 task create). While this is the intended functionality of a CLI-based skill, users should be aware that the agent will be executing shell commands on their behalf. - [CREDENTIALS_UNSAFE] (LOW): The authentication process involves the user providing a session cookie token via the command
dida365 auth cookie <token>. Although the token is not hardcoded in the skill itself, the reliance on session cookies with a private API increases the impact if the third-party tool is compromised. - [INDIRECT_PROMPT_INJECTION] (LOW): This skill reads data from an external source (Dida365 tasks and projects) which could contain attacker-controlled instructions.
- Ingestion points: Commands like
dida365 project show,dida365 task show, anddida365 sync allpull external content into the agent's context. - Boundary markers: None identified; the skill output is processed directly.
- Capability inventory: The skill has the ability to create, modify, and delete tasks and projects on the user's Dida365 account.
- Sanitization: No evidence of sanitization or instruction filtering for the content retrieved from the Dida365 API.
Audit Metadata