kairos-ai-docs
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the KAIROS protocol search and execution workflow.
- Ingestion points: Data retrieved from the kairos_search tool as described in the workflow in SKILL.md.
- Boundary markers: Absent; the skill does not define specific delimiters to isolate external protocol content from its own instructions or constraints.
- Capability inventory: The skill utilizes kairos_mint for writing/updating protocols and kairos_begin/kairos_next for sequential execution of protocol logic in SKILL.md.
- Sanitization: Absent; the skill is instructed to follow server-provided next_action logic and apply protocol content directly without validation or filtering of embedded instructions.
Audit Metadata