cv-knowledge-query
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local npm script (
npm run search:evidence) to perform keyword-based searches against the knowledge base. This is an intended, deterministic function for data retrieval within the local environment. - [PROMPT_INJECTION]: The skill retrieves and processes data from local YAML files (achievements, stories, and metrics). 1. Ingestion points:
content/knowledge/index.yamlandcontent/knowledge/achievements/*.yaml. 2. Boundary markers: No explicit instruction-delimiters are used when processing this data. 3. Capability inventory: Executes local subprocesses via npm. 4. Sanitization: Data is used for retrieval-augmented generation without specific sanitization filters. This surface is considered safe as the data source is local to the skill's environment.
Audit Metadata