kairos-code
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a structured workflow for AI-assisted coding using the KAIROS protocol. All findings are consistent with the intended functionality of a developer-oriented coding assistant.
- [COMMAND_EXECUTION]: The skill identifies and executes build, test, and deployment commands (e.g., `npm run dev:test`) and search commands (e.g., `rg`) found within the project's `README.md`. This represents a surface for indirect prompt injection.
  1. Ingestion points: README.md in the project root.
  2. Boundary markers: Absent.
  3. Capability inventory: git, npm, rg, stat, and tail subprocess calls across SKILL.md and KAIROS.md.
  4. Sanitization: Absent, although the skill logic requires the agent to ask for human confirmation if documented commands fail or require modification.
- [PROMPT_INJECTION]: The skill uses strict instructional language (e.g., "Every code change MUST follow") and the `must_obey` parameter to enforce adherence to the ELITE AI CODING STANDARDS. These are internal logic constraints for the agent's operation and do not target the system prompt.
- [DATA_EXFILTRATION]: Local protocol definitions and execution proofs (nonces, hashes) are transmitted to the configured KAIROS MCP server via tools like `kairos_mint` and `kairos_attest`. This data transfer is necessary for the state-machine-based workflow orchestration provided by the author.
Audit Metadata