knowledge-base-cache
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation outlines the use of several internal Python scripts, such as `scripts/cache_manager.py` and `scripts/init_knowledge_base.py`, to manage the repository and build the cache tiers. It also instructs the user or agent to configure a cron job for daily refreshes to ensure data freshness. These operations are transparently documented as core features of the knowledge management system.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface (Category 8) as it is architected to ingest and process external markdown files for context assembly.
  - Ingestion points: The system reads markdown files from the `repository/skills/`, `repository/docs/`, and `repository/projects/` directories.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are documented for the context assembly process.
  - Capability inventory: The skill possesses capabilities for local file system access and execution of its internal management scripts.
  - Sanitization: The provided documentation does not specify any sanitization or validation routines for the content retrieved from the knowledge base.
Audit Metadata