kb-add
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is managing project documentation (a Knowledge Base) in the `docs/kb/` directory and indexing it in `CLAUDE.md`. All operations are local to the file system.
- [PROMPT_INJECTION]: The skill proactively includes a security section instructing the agent never to store secrets, API keys, or sensitive credentials, which mitigates accidental data exposure. Note that this is a prompt-level instruction, not an enforced control.
- [DATA_EXPOSURE]: While the skill reads and writes to the file system, its scope is limited to project documentation files. It does not access sensitive system paths (e.g., SSH keys, AWS credentials).
- [REMOTE_CODE_EXECUTION]: There are no patterns of remote code execution, package installation, or dynamic shell commands. The `disable-model-invocation` flag and the lack of network-capable tools further limit risk.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user input and reads back existing KB files. While this creates a potential surface for indirect injection, the risk is minimized by the lack of high-privilege capabilities (such as network access) and the requirement for user interaction via `AskUserQuestion` for critical decisions.
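The two properties this audit leans on, that writes stay inside `docs/kb/` (plus the `CLAUDE.md` index) and that no credential material is stored there, are only asserted by the skill's prompt. The following is an added example, not code from the kb-add skill or from Gen Agent Trust Hub, of a pre-write guard that enforces both in the harness that executes the skill's file operations. Function names, the secret-detection patterns, and the assumption that requested paths are given relative to the project root are this example's own.

```python
"""
Added example (not the kb-add skill's own code): a pre-write guard that confines writes
to docs/kb/**.md and CLAUDE.md and refuses to store secret-looking content.
"""
import re
import tempfile
from pathlib import Path

# Locations the audit says the skill touches, relative to the project root (assumption:
# the harness passes requested paths relative to that root).
KB_DIR = "docs/kb"
INDEX_FILE = "CLAUDE.md"

# Illustrative credential signatures. A production scanner would carry many more
# signatures plus entropy checks; these are enough to show the shape of the check.
SECRET_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("github_token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    # key = value style assignments where the name smells like a credential and the
    # value is long enough to be a real secret rather than a placeholder.
    ("credential_assignment", re.compile(
        r"(?i)(?:api[_-]?key|secret|password|token|access[_-]?key)\w*\s*[:=]\s*['\"]?[A-Za-z0-9_\-./+=]{16,}")),
]


def resolve_write_path(project_root: str, requested: str) -> Path:
    """Return the real path for `requested` if it is CLAUDE.md or a Markdown file under
    docs/kb/, otherwise raise ValueError. Everything is resolved (symlinks and '..'
    followed) before the containment check, so traversal and symlink escapes are both
    rejected; an absolute `requested` replaces the root on join and is rejected too."""
    root = Path(project_root).resolve()
    kb_root = (root / KB_DIR).resolve()
    target = (root / requested).resolve()
    if target == (root / INDEX_FILE).resolve():
        return target
    try:
        target.relative_to(kb_root)
    except ValueError:
        raise ValueError(f"refusing to write outside {KB_DIR}: {requested!r}")
    if target.suffix.lower() != ".md":
        raise ValueError(f"KB entries must be Markdown files: {requested!r}")
    return target


def is_confined(project_root: str, requested: str) -> bool:
    """Boolean form of resolve_write_path, convenient for policy checks."""
    try:
        resolve_write_path(project_root, requested)
        return True
    except ValueError:
        return False


def find_secrets(text: str) -> list:
    """Return the names of every secret pattern that matches `text` (empty if clean)."""
    return [name for name, pat in SECRET_PATTERNS if pat.search(text)]


def write_kb_entry(project_root: str, requested: str, content: str) -> Path:
    """Write a KB entry only if the path is confined and the content carries no secrets."""
    target = resolve_write_path(project_root, requested)
    hits = find_secrets(content)
    if hits:
        raise ValueError(f"refusing to store secret-looking content ({', '.join(hits)})")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    return target


def demo() -> dict:
    """Exercise the guard against a constructed project in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample KB note.
        note = "# Deploy runbook\n\nRun the deploy script from CI, never from a laptop.\n"
        results["clean_write"] = write_kb_entry(root, "docs/kb/deploy.md", note).exists()
        # Constructed leak: the same note with a pasted (fake) AWS secret key.
        leaked = note + "\naws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        results["secret_hits"] = find_secrets(leaked)
        results["traversal_allowed"] = is_confined(root, "../../.ssh/id_rsa")
        results["index_allowed"] = is_confined(root, INDEX_FILE)
    return results


if __name__ == "__main__":
    print(demo())
```

Resolving before checking containment is the important ordering: checking the string for `..` first would miss a symlink planted inside `docs/kb/` that points at `~/.ssh`, which is exactly the kind of path the audit says the skill must never reach.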
Audit Metadata