llm-kb
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill defines patterns for agents to use shell commands like `head`, `tail`, and `grep` to efficiently read data from specialized `.kb/` directories.
- [COMMAND_EXECUTION]: A validation utility (`bin/llm.kb-validate`) invokes a Python script to check frontmatter metadata against JSON schemas.
- [EXTERNAL_DOWNLOADS]: The frontmatter validation tool depends on the `pyyaml` library, a well-known and trusted package for YAML processing.
- [SAFE]: The test infrastructure (`tests/movie-tracker/test`) manages credentials via local symbolic links in a temporary directory to facilitate automated agent testing without exposing data externally.
- [PROMPT_INJECTION]: Indirect injection surface analysis:
  - Ingestion points: Markdown files within `.kb/` directories (e.g., `complete-example/guests.d/olivia.md`).
  - Boundary markers: Maintenance guides (`CLAUDE.md`) define directory boundaries, and JSON schemas (`*.jsonschema.yaml`) validate metadata fields.
  - Capability inventory: The skill uses file reading, validation, and standard search/discovery tools.
  - Sanitization: Frontmatter parsing is performed with `yaml.safe_load()` to prevent arbitrary code execution during data processing.
Audit Metadata