kb-compact
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform structural filesystem operations including moving files (mv), creating directories (mkdir), and reverting changes via git checkout.
- [COMMAND_EXECUTION]: Automated post-tool hooks execute a local Python script (validate_kb.py) using the uv run command to verify the integrity of the knowledge base after modifications.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of markdown files to make decisions about terminology unification and file splitting.
  - Ingestion points: The compacter agent recursively reads .md files in the target directory (agents/compacter.md).
  - Boundary markers: There are no explicit delimiters or markers used to distinguish between data content and instructions when reading file contents.
  - Capability inventory: The agent has access to Bash, Write, and Edit tools which could be exploited if malicious instructions are followed.
  - Sanitization: The skill does not implement sanitization or filtering for the content ingested from the markdown files.