kaggle-learner

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill design creates a surface for indirect prompt injection attacks by processing external data from Kaggle competition URLs and storing it in a structured knowledge base.
  • Ingestion points: The kaggle-miner agent (referenced in SKILL.md) extracts data from external Kaggle competition URLs provided by users.
  • Boundary markers: The provided file templates (e.g., references/knowledge/nlp/eedi-2024.md) do not include explicit security delimiters or 'ignore embedded instructions' warnings for the 'Code Templates' or 'Best Practices' sections.
  • Capability inventory: The skill documentation implies file-write capabilities ('Knowledge is automatically added to the relevant category') and the potential for code execution ('Code Templates' are a core feature).
  • Sanitization: There is no evidence of sanitization or validation of the content extracted from Kaggle before it is saved to markdown files in the references/knowledge/ directory.
  • Dynamic Execution Risk (SAFE): While the skill organizes 'Code Templates', there is no code in the provided files that executes these templates automatically. The risk is limited to the agent's potential misuse of the stored templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 02:21 AM