Skills
skills/ajoslin/dot/kimaki-tools/Gen Agent Trust Hub

kimaki-tools

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/link-session-to-discord.sh dynamically assembles and executes shell commands using array expansion ${SEND_CMD[@]} and direct string interpolation in SQLite queries.
  • Evidence: sqlite3 "$DB_PATH" "INSERT INTO thread_sessions (thread_id, session_id) VALUES ('$THREAD_ID', '$SESSION_ID')...". If SESSION_ID or THREAD_ID were maliciously crafted (e.g., from an indirect prompt injection), it could lead to SQL injection or unauthorized database modification.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Multiple files execute npx -y kimaki, which triggers the download and execution of the kimaki package from the npm registry at runtime.
  • Evidence: references/kimaki-tools-reference.md and scripts/link-session-to-discord.sh use npx -y kimaki extensively. While kimaki appears to be the intended tool for this skill, the use of -y automatically accepts and runs the remote code without user confirmation.
  • [DATA_EXPOSURE] (LOW): The script reads the local user path to locate the Kimaki SQLite database.
  • Evidence: scripts/link-session-to-discord.sh uses a Node regex to extract paths matching /Users/ or /home/ to find the .db file. This exposes the local file system structure to the agent's output context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 21, 2026, 07:23 AM