oms-cognee
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via subprocesses to perform database migrations (cognee.run_migrations runs Alembic) and to launch the management UI (cognee.start_ui). These operations are documented administrative features of the underlying library.
- [EXTERNAL_DOWNLOADS]: The ingestion API (cognee.add) supports fetching data from remote sources including HTTP(S) URLs and S3 buckets for inclusion in the knowledge graph.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted external data that is subsequently analyzed by LLMs for graph extraction and query responses.
  - Ingestion points: Data enters the system via cognee.add, which accepts local file paths, remote URLs, and cloud storage (S3) paths.
  - Boundary markers: The documentation does not specify explicit boundary markers or instructions to ignore embedded commands during the automated entity extraction (cognify) process.
  - Capability inventory: The skill can write files to the system (visualize_graph), execute shell commands for maintenance (run_migrations), and perform network requests for scraping and LLM API interaction.
  - Sanitization: There is no mention of sanitization or filtering of the content retrieved from external URLs before it is passed to the LLM.
Audit Metadata