dino-dinox
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of the 'dino' CLI tool for managing local data, authentication via 'dino auth login', and updating the software using system package managers through 'dino update'.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process unstructured note and task content.\n
- Ingestion points: Note and todo content retrieved via 'dino note search', 'dino note detail', and 'dino todo search' subcommands (SKILL.md).\n
- Boundary markers: Absent; the documentation does not suggest the use of delimiters or 'ignore' instructions for the agent when reading knowledge base content.\n
- Capability inventory: The agent can execute a wide range of CLI subcommands including writing to the database, modifying tags/boxes, and performing network synchronization.\n
- Sanitization: Absent; there is no indication that markdown content is sanitized or validated for malicious instructions before being returned to the agent context.
Audit Metadata