use-kite
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The workflow in SKILL.md instructs the agent to execute cargo run or cargo install --path . when the kt CLI is not found. This leads to the execution of arbitrary code from the repository's local environment.
- [COMMAND_EXECUTION]: The kt land and kt undo commands described in references/cli-behavior.md perform high-impact history-rewriting operations, specifically git push --force-with-lease and git push --force, which can cause data loss.
- [CREDENTIALS_UNSAFE]: The documentation in references/cli-behavior.md explicitly lists environment variable names used for storing API keys, such as KITE_OPENAI_API_KEY and OPENAI_API_KEY, facilitating potential discovery of secrets.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during the kt land process.
  - Ingestion points: Git status and diff content are processed by the skill (referenced in references/cli-behavior.md).
  - Boundary markers: None identified; the diff is passed directly to LLM providers.
  - Capability inventory: The skill can execute subprocesses, rewrite Git history, and perform network requests (referenced in SKILL.md and references/cli-behavior.md).
  - Sanitization: No evidence of sanitization or escaping of the diff content before LLM processing was found.
- [EXTERNAL_DOWNLOADS]: The skill connects to local and remote API endpoints (http://localhost:11434/api/chat and OpenAI-compatible URLs) to generate content via external LLM providers.
Recommendations
- AI detected serious security threats
Audit Metadata