domo-js
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download the ryuu.js library via the npm registry and provides a CDN script tag referencing app.unpkg.com.
- [PROMPT_INJECTION]: The skill handles untrusted data from external sources, creating a surface for indirect prompt injection.
  - Ingestion points: Data enters the environment through dataset fetch operations (domo.getAll), real-time data update listeners (domo.onDataUpdated), and page filter updates (domo.onFiltersUpdated).
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the processed data streams.
  - Capability inventory: The SDK provides capabilities to perform navigation to external or internal URLs (domo.navigate) and to modify the state of page filters (domo.requestFiltersUpdate).
  - Sanitization: The provided examples do not demonstrate sanitization or validation of the content received from the datasets before it is processed or used.