kaku-runtime
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes 'eval' to execute the output of local shell scripts (scripts/kaku/layout.sh) for managing layout environment variables. This pattern of dynamic execution is a security risk if script output is influenced by external factors. The skill also performs extensive terminal manipulation using 'kaku cli' and specifically instructs the use of the '--dangerously-skip-permissions' flag when launching Claude Code, which intentionally bypasses built-in user-in-the-loop security confirmations for the AI agent.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection where malicious instructions could be embedded in data processed by the agent.
- Ingestion points: The 'goal' and 'message' parameters provided in runtime session management commands enter the execution context.
- Boundary markers: No boundary markers or specific 'ignore embedded instructions' delimiters are used when these strings are sent to terminal panes.
- Capability inventory: The skill possesses full terminal execution capabilities via 'kaku cli' and 'bash'.
- Sanitization: No validation, escaping, or sanitization of the 'goal' or 'message' inputs is performed before they are injected into interactive terminal sessions.
Audit Metadata