kimaki-expert
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill frequently instructs the execution of
npx -y kimaki@latest. This command downloads code from the npm registry and executes it without a confirmation prompt. As 'kimaki' is not a verified trusted source, this represents a remote code execution risk, though it is the primary method of using the tool. Evidence:SKILL.mdandreferences/kimaki-quick-reference.md. - [Indirect Prompt Injection] (LOW): The skill processes external Discord messages to control project workflows. 1. Ingestion points: Discord messages and slash commands. 2. Boundary markers: Absent; no instructions are provided to the agent to distinguish between user intent and embedded data instructions. 3. Capability inventory: Shell execution (
kimaki send) and file system mapping (kimaki project add) as documented inreferences/kimaki-quick-reference.md. 4. Sanitization: Absent; no evidence of filtering or validation of external content.
Audit Metadata