agentos-api-knowledge
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script scripts/manage_knowledge.py includes an upload_file function that reads local files using path.read_text() and sends the contents to a remote server via client.upload_knowledge_content. This capability can be used to exfiltrate sensitive files if the agent is directed to upload them to a rogue server URL.
- [COMMAND_EXECUTION]: The skill documentation instructs the agent to execute a local Python script, scripts/manage_knowledge.py, using the uv tool. The script processes several command-line arguments, including file paths and URLs, which the agent might populate with untrusted or malicious input.
- [PROMPT_INJECTION]: The skill implements a workflow for searching and retrieving content from external knowledge bases, which serves as an ingestion point for untrusted data (Indirect Prompt Injection).
  - Ingestion points: Content retrieved from search queries in scripts/manage_knowledge.py and AgentOSClient.search_knowledge.
  - Boundary markers: No delimiters or instructions to ignore embedded commands were found in the script's handling of search output.
- Capability inventory: The skill allows file system reads, local script execution, and network POST requests.
- Sanitization: The script does not perform sanitization or validation of the content retrieved from the knowledge base before it is returned to the agent context.
Audit Metadata