kb-list
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a read-only utility that lists files and extracts metadata from markdown documentation. It does not perform any sensitive system operations, network requests, or file modifications.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface because it reads and processes the content of
CLAUDE.mdand files indocs/kb/which could be modified by external actors. - Ingestion points:
CLAUDE.md,docs/kb/*.md(YAML frontmatter and initial content). - Boundary markers: None identified; the skill directly interpolates file content into the display summary.
- Capability inventory: File reading (
Read) and directory globbing (Glob). No execution or network capabilities are present. - Sanitization: No explicit sanitization or escaping of the ingested file content is performed before display.
- Risk Assessment: While the attack surface exists, the risk is minimal as the skill's capabilities are restricted to read-only metadata extraction and display.
Audit Metadata