kb-mint
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the shell to create symbolic links within the .claude/skills/ directory to register new skills. This modifies the agent's persistent configuration. Evidence: Found in SKILL.md section 2, step 5.
- [COMMAND_EXECUTION]: The skill invokes local Python scripts using the uv package manager for validation and testing tasks. Evidence: Found in SKILL.md section 2 and section 5.
- [EXTERNAL_DOWNLOADS]: The workflow involves the uv tool, which automatically manages and downloads script dependencies from public registries like PyPI. Documentation suggests including packages such as requests and rich in script metadata. Evidence: Found in reference/uv-scripting-guide.md.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by converting Knowledge Base topics into executable instructions for the agent. Ingestion points: Knowledge base topics and notes. Boundary markers: Absent. Capability inventory: File writing, symbolic linking, and subprocess execution. Sanitization: Absent. This allows source material to define instructions for future agent sessions. Evidence: Found in SKILL.md and reference/skill-conversion-guide.md.
Audit Metadata